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Module 9 


Performing Boot and Shutdown Procedures 


Objectives 


Upon completion of this module, you should be abl« tp; 

• Identify run level fundamental# 

• Identify' the phases of the boot process 

• Control boot processes 

r 

• Perform system shutdown procedures 



The foll*H'in£ cour&f uwp ^*ov& how this module fits ink> the cwrent 
instructional goal. 

Performing System Boot Procedures 
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IrtpnttyEp g Run Level Fundamenta ls 


Identifying Run Level Fundamentals 

A run level is a s^iom sLMe, r**presenked by a digit or letter, that define* 
what service arui resource* a ir?ently available- to users, The system i* 
always running in A single run level. 


Solaris OE Run Levels 

Table9-l shows the eight run levels found in the Solaiis OE. 


Table 9-1 olaria OE Kun levels 


Run 

Level 

Function 

U 

System running the PROM fcnonit?*. 

s or S 

Solaris OL»ft*t|gJe-«jB*y mode with critical Die syslci n?> mow ted 
and accessible. 

1 

The system i: 1 LIEUIM-ILL in ,■ ^ ntrle^user administrative -i.u. 
with access to fill available file systems. 

2 

; -v|0^ 

: §$88$fo 

■ ¥ 

The system i* supporting multiuser operations. M ultlph' uiM*rs 
can access the system All Bysietn gasmens are running except 
for the Mot work Lib. Svstenj (NFS) server and some other 
network resource server mfoi^d daeme 

3 

i 

The tfyHti'm supporting multiuser operations ,ind hay 
resource slwrmft-md other network resource senders avniLthh*. 
Specif lih 1 the default run level in the /etc 'ini ttaJs file 


Thi?, Level 1* currency not implemented. 

:■ 

A lrnnMliiin»il run level in which the Solaris OE is shut down 
and the system is powered off. 

6 

A transitional mn fowl in winch the Solaris OE is shut down 

and Uw system reboots to the default j Un level. 
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Identifying ftun Level Fundamentals 


Determining a System’s Current Run Level 

T# d etermine the current run level of a s> r s*em, use the who -rcomtnand- 

Figure 9-2 shews output frem the cemmand. 

I who “r 

. run level 3 Jun $ 0S:3u 3 0 S 

J ! 


^" 
7 Date .a id timt of tne ast run \ _ 

l ".,,,,. V ,J 


i i M ..mirniMr-^ 

_ )- 


I since last reboot y 

i il l i i i i j. i iu j i i imn i i,mi i i i * 

Previous run level J - 


w 


% 


Figure 9-2 The System's Current Run Level 


Chanf ing Run bezels 

w~ . ^ 

Run levels are sometimes referce^i ^ as init states because: th c i.-iib 
|| process tru i^tdons between r un levels. You c an use the ir.it command to 

manually nu%level tr.rmsity£hst You am also chango run levels 

® with hl|i£> rQnmmt^^d p*ver«ff commands. 


I m§ 
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Identifying the Phase s of the Boot Process _ 

Identifying the Phases of the Boot Process 


9-4 


In general when a sys bom i$ powered on/ the PROM monitor runs a POST 
procedure that checks the hardware and mem>n * on the system, Ii no 
erroi^s are found, and the auto-hoot? parameter is Set to true* the system 
begins the automatic boot process. 


The entire b#ot prr>cra> is described by four distinct phases 

• The boot PROM 

• The hoot programs phase 

• The kernel initialization phaso 

• The in it phase 

Figur*>9-3 showy the phases of ll've boot process. 


m 


Boot PROM 



m 

mm 


Boot programs phage— 

1 m 

"W 

m 

fc*rneJ ittBangSofi phase— 


"proKTruhs post ; 

( Locates —A--.- iv* 

c . j^fU^bootb.fc. 

" ~j .i Lagcjfr kbit- • h ^3 

C ::ootblfc Loads Secondary \ 

fltroi Program (uJab.-:-?i ) J 

. V ~T 

\ifsbbOG; Loads ktarnal: 1 

_J 


S2-bH-or^bft;k€ - 


init ®hase- 


1—(_ 

kernel Reads Con%Uration 

Fio 


_*_.... 


kernel Initializes Itself 



and Loads Modules 


* 


kt-MT^O Starts 



/fi£t/v r=i ; 




ir\ ■ t SJarts 


t= 

l » Sciipts 

=? 


Figure rha<^> uf the Boot Process 
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Identifying the Phases #f the Boot Process 


Boot PROM Phase 


The b##t PROM performs the following steps during the first pari of the 
boot sequence: 

• The PROM rims the POST. 

The boot PROM firmware runs the FOCT to verify the system's 
hardware and memory. It then begins ifc b««t sequmcc upon 
successful completion of the self-test d'lagnostics. 

• The PROM displays the system identification banner. 

The model type, processor type and speech keyboard status, PROM 
rtf vision number, amount #f installed random access memory 
(RAMi, NVRAM serial nutnbor, lflWnJ address, and host ID are 
displayed. 

• The boot l 1 ROM determines the bout tffevke by leading the PROM 

parameter bo t d r v ■. c e. H 

• The boot PROM disk label leafed at Sects^TTon Lhe 

default boot device- , , 

• The boot PROM finds die jicct program iroify tke-iie f a ul t b o<> t device 
programmed into the PROM, 

The b««t PROM program reads a system's primary boot program 
called b&ccblk (located at Sector^ 1 tlu«ugh 15) tliat contaiixs a 
UNt\ llfeiiystejp (ufs) file sy^t^n reader. (The bootblk program is 
111-... Pitied f|j|he b v the i^stallbocr program during system 

The Dootoummand l«ads the b««tblk program fr«m Us loention on 

• . :|| th^ boo jpevke into memory. 



The following describes the boot programs phase: 

• Ihc hooLblk progni i loads the secondary b««i program, 
from the boot device int# menuty 

lhe p>ith to u£f oot: is recorded in the boetbik program, which is 
installed by the Solaris OE nlily i.iL*Lnllb:;o-. 

• The ufsibooL program locates and loads the appupriate twa-pari 
kernel. 
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Identifying I he Pha ses of the Bool Process 


The <x>re f the kernel is two pieces of static mode called genun : .x 
and JJiix- where* g«nunix is the platfirrm-independenl generic 
kernel hie And iriix is the platform-specific ker.oel fiik. 

When u£sb#ot loads these two files into mcm«i*y r they are combined 
tm form lh<_> running kernel. 

On a system running in 32-bit mode, the tw -pait kernel fa located 
in the directory /pldcform/'unajne -m' /kernel. 

•n a tern running in 64-bit mode, die two-fart kernel is locvited 
in the directory /?lat£«rm/ 'unanve -:u'/ker n£l/*parcr/9. 



Note - To determine the platfoim name (for the system 

hardware class), type the unane- -it c^cnmand. For sample when you 
type this command on an Ultra 10 workstation, the console displays 
£U£14U. 


The kernel Initialization Phase 

The following describes the kernel initialization phase: 

* | 

• The kernel roads it* configuration fi]e r called /ecc/jiystem. 

• The kernel initiolifccs itself and begins4oading modules. 

The loerrel the ufshc^c command to load the files. When it 
. ;.;:,;; ;v . |^s : loadcd enough modules to inbuilt die r##t tile system, it 
‘ imm^ps the cfsboor pro ram and c«n nuos. 

m Ih^^lla^sl Starts the /etc^inis pi«cess. 



Noic-The/s-c/irlt and /cbin/i-iifc processes an? linked together. 


The SunOS 1 * b a small s6a c core, cmr^isUng o f g^mmlx an d 

udIj^ and many dynamically loadable kernel modules. 


Modules can c nsfal of dt*\?iOe drivers binaiy files to support file Systems, 
and streams, as well as other module types used for specific within 
the system. 


The modules that make up the korn^l typically reside in the direcloi'lcfi- 
/kernel and /usr/k^m«l, llntt'orm-dependent modules resldo fn the 
/T»laTf«rni/ 'una.TO -in' /)v*rn<kl and /platioiTt 'unaiuc -i ' /kernel 
direclnties. 
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Identifying the Phases of the Bool Process 


Each subdirectory located under these directo ies (see Figure 9-4 ) is a 
collection of similar modules. 

F I kernel 

■ Tl drv 
“□ exec 

■Q = 2 

~~D q&r..ir 1 >: 

- Tl arise 

-□ scheP 

—[~J strived 

4l] 2ys 


Figure <M Module Subdi cci ricsinthe /kernel Directory 

m* | 

' ' s c ; 

Ihc following describes the types 1J module subdi’recto ies contained in 
the / ken:el r '/usr/kernel, /plat t&rir./ - :.cri£u-Le^ -tt % /kernel, or 
/plaLf cxiiL/ 1 ■ i ' /kernel directories; 


m 


0 

drv- 

0 

•2XGC - 

o 

f& - IT 

Si 


Hi 

L-c:k.ki 


tile formats 


* 


Streams rfibdxiles (generalized connection between users 
and cS-tt drivers) \ 

* ' | 

sys -^||p:em calls (defined interfaces for applications to use) 


The /kerTLel^rv directory contains all of tlie device drivers thi.it are used 
for system boot. The /usr/kernel/drv directory is used for all other 
device drivers. 


Modules air loaded automatically as needed either at boot time or on 
demand, if requested by an application. When a module is no logger in 
use^ it migh t be unloaded on the basis that the memory it uses is needed 
for another tn&k. 


After the froot process is complete, device drivers arc loaded when 
devices/ such as knj*c devices, are accessed This process is called 
*iutonc>nf juration because some kernel driver modules aro loaded 
automatically when needed. 


Perfa/ming irotand Shuldov/n Procedures 

Copyright 20Cf Sun McraBy*1em Inc. Aimigtes q**jrv«clSun Serviced Hwlslsn A.2 






Idarct ilying thg Phases of the Boot P rocess 


Upon initial ox mconfiguratioa boot, th e system does a self-1 Oftl und 
checks for all devices that are attaehnj. 

The advantage of t!\j* dynamic kf-mal arrangement is that the Overall 
size of the kernel is* Smaller, which makes more eflicient use of memory 
and allows for simpler modificati on and tuning. Figure *-5 show* this 
arrangement. 



32-biE Kernel 

/piat.fortn/ 1 join* -m'/Ve r.npi/unix 
/plati:»rn/ ’unarfe -ni'/kernfcl/fefVvioi.x 

64-bit Kernel 

/platform/ r unani(/ -it 1 /kfcrne:l/^pa*Cv9/;i:ix. 
/plat, farm/ * jruxM -ff* / k*rn el/sparcv S/genux? tx 


- ' In Me r ncwy"^ 

8tflfi5“CSre ,,,|J1 

unix 
— gamin 1* 

Device Driver 
Modules 

Streams 
MokJw 


fctocfixe Directories 
/teru-l 
/usr/ker^°I 

/jHatzorjfi/’vinene nt'/kerne' 

’ Jtiarr.t '/kernel 



Figure 9-5 The Kernel fluid Modules Loaded in Memory 


Note - Tlfe|raarcv3 CPU is the type of CPU fchal supports 64-bil 

processing. 

-— _ 


U| 

■m 


The /etc/system File and kernel Configuration 



Caution - The Safari* OE builds the kernel based upon itw sukf of the 
system (memory, CPUs, an d so cm). In a I most all cas^the p»>rforinance of 
the default kernel that i$ built is quite adequate to handle most day to 
day ac ivities oi\ the system. Any modifications should be made with 
extreme caution. 


The /etc/systetr. file is tlvc control file for modifying which modules and 
parameters are to be loaded by the kernel at boot time. By defiuiltr all 
lines in this file are commented out- 
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Idertiifying the Phases of the Bool Process 


Modifying the kernel's behavior (or aunfiguiafion) require; editing the 
/etc/sysLen file. Altering this file allows you to oxxiify the kernel's 
Iraniment of loadable modules as well as to modify kernel parameters 
/•r some performance tuning. 


Th«? -^fsbeot program ooni-ainu a Jisi of default loadable kernel modules 
tl\at are loaded fit boot time. However, you can override this list by 
modifying the /etc/system file to contrel which modules, as well a* 
which parameters/ arc? loaded. 


All changes lo this l ile take effect after a reboot. 


The /etc/^yefcero file can explicitly control: 

• Hie search path for default kernel mnduJetft* be loaded at boot 

tin ic w| 

• The nx>e life intern type and dev ice 

• The modules ttiat are exdudod fe>m loading autcmaiifaJly ut boot 
time 

• lhe module> to be forcibly loaded at boot time, rather thut *it first 
access 

“ . 4,,.. 

• Th? new values to override Uie default J%mel pnrammer v#lue* 


Nole - Command Tines muk>t be 80 characters or less in length, and 
comment lines must begin with an asterisk (*) and end with a newline 
f|| character, 


* 


~- 


The file is divided into fve distinct section*: 




Sc Is lhe search path for default loadable fcramel module You can 
list toother multiple directories to search, deimuted eitfier by blank 
spaces or colon*. U the module is not found in the first directory, lhe 
second dirtvtoiy is saaiched r and so civ 


Penning 8 oot a/i d Shuldown Procedure 

Cotyn9W2jD03(fe/vywpre. CnC- Af to&ts Rtt^mdL SunSsvK. Ret&knAJ 


9-9 














identifyi ng iho P hases of ihe Bo ot Process 


• root, device an<2 £99 1 file system cor.f iguracior.t 

Sets the r«ot file system type to the listed value. The default is 
rwtfS:Ll£. 

Set* the rootdevice* The default is the physical path name of the 

device on which the boot program resides. Hie physical pathname is 
platform dependent and configuration dependent The following [5 
an example path: 

iTOttfev .fSCCCCOO/aspfcC, 8 OOOOO/ 8 d 03 ,C:a 

• exclude: 

••os not allow the loadable kernel modules to be loaded during 
kernel initialization, f#r example: 



Changes kernel parameters to modify the operation of Ihe system, 
for example; 



sei j^nx’^sers =40 

Editing the /ets/sy9tem File 

Before you edit the /etc/system file, you should make a backup copy. If 
you enter incorrect values in this file, the system might not be able to 
boot 

The following example show* how to copy the original /etc/ays tern file 
lo a backup file and Ihnn edit the /etc/system file. 


■ Cp /etc/«y*fcero /et:c:/«YYt€Bi.arlg 
¥ vi /«tc/9y*tan 


If a boot process fails because of an unusable /ete/sveten files Issue the 
interactive boot command; b#ct -at. When you are requited lo eruer 
the name 0/ the s>-st err file, type in the name of vour backup gys^ew: 
file, or, aWernafivelly, enter /dsv/null for a null co<r\figurati on file. 
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Identifying the Phases of the Boot Process 


The init Phase 

The final phase of the boot process is the irJ.t phase, During this phase, 
the ini t. daemon starts the run control (re) scrip* that shut other 
processes. The init daemon j$ a general process spawner. [fcs primary role 
is to create processes from information stored in the file /etc/inittak>. 

The iniL daemon executes system star up (re) scripts that, in turn, 
execute a series »f other scripts. 

After the L-d t pha&£ completes successfully, the default behavior is to 
display the system cominandTme login prompt o^the GUI login window. 

The /etc/init.t.abFife u-'k | 

W-Tien you boot a system or change run levels widi th^ini.. or shut-d^m 
command, the init daemon stops process, stilts pr JSIses : , or d«es botlr 
bv reading information from tiie /etWltritSiB file. v - : T 

£ ♦ ► fO 

Dio ixiittab tijL defines three important items for tlih .Init process: 

• The sysicji?^i|fault run level 

• What actions to take v^hen the s^tem enters a new run level 

• What processes to start/ monitor, or restart if terminated 


Eadhllne entry in the /^tc/ini 
neld:ll|' 


lie contains die following four 


d; rs Li! i_|^£pfc i an i prvc&s S' 

Figure rin -ini - tab entry, 



rtw>di®TacSer Ideniffier for the line entry ’ } 

-fOn 

e nr more run levels to which tots entry assies ") 


w the process (in toe nerifieto) is to be treated '7) 




anri pr script to execute 


d) 


n 


S 7 r 1 : rtEi.i - : / a bin/ rc 2 > / dev /magi oq ?, <> /de 1 v/m$q . og ov/ c rj 5 n-■ 

Figure 9-6 An /er.o-/ hi ctao File Enhy 


Performing Boot an* $huldgv/n Procetfu/es 

CtpyigM 2jQf3Sujl MicfOAySloins. Inc. All Right R» 2 r/ed. SUnSe<Vl«fi^^«vi'!<apji A..2 
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Identifying the Phases of th e Sod Process 



Note - outpul from script Is directed to the /dev/ctsg: ^ 

tile. I’rior to the Solaris 8 OE, all of these meraggs wecv written Jo the 
/d^v/ccncole tile, The /dev/naglog file is used for message output 
celleetion from system startup or backg oun applications. 


Table 9-2 shows An explanation for each keyword. 


Table 9-2 "Jin* action Field Keywords 


Keyword Explanation 

Ir.i tde^ftU .1 1 

Identifies Ui£ dirfa ult run level Road when the inut 
p roce^ & iru daily invoked. Used l?y the ini t prOcee *to 
determine which run level t# ce vte r initially: The dr fault 
hr\u\, level y_ 

sy^ir_L 

1 bifvute* the process be/ote the init p»oce*& trn*s$ tv 
ACce&^LlhecnAf^o le (for example, fli c console login 
premptj. The ini ■_ process waifc for completion u* the 
process be aw ti continues to lead ihr file. 

wail 

Starts a process and waits for it to complete before 
moving to ths next entry that o#ntairfe the same ru n 
level. 

reipai-TTi 

If tile process dfcs, ihe ini _ plocess restart* it. If the 
prtK'tf^ does not exist, the ini r process starts il and 
conlinueanestling the inittaJt file. If U\t? process does 
exfct, no actloads required, and the init process 
am Himes reading the init tab file. 

powerfail 

... 

Executes the process only if the ini: process receives a 
|POWCf Nil L signal 


Caution - If the r&LdLe field is empty and the ix:itxl=favlt line is used, 
the rotate field is interpreted as 0123456, and the init process enters 
run level 6 as the default. This causes the system lo reboot oont nuously 



Note -1 formation nbuut additional action keywords is available in thn 
jr.ittab man page. 
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Identifying the Phases of the Bool Process 


Hie loLLowing js ancxaropLe of a default /ecc/inittab file. 


ap; rsi'sinit:/sbixi/a . t»j»ush -£ /ecc/iu.ap 
a^j :ayair.it:/sbin/s®ccnfig -f /etc/s •ck2]»atb 

= S] :sy^siniti/abin/rcs s\rsii:it >/dev/m&gl»g 2<>/d<~v/msgl«g </d#v/console 
i s ; 2- : initdezault: 

p3 :al234 :pws)rfaij : /nsr/shizz/shutdo^-n -y -i5 -gO >/dev/i^glcg 
2<>/dev/msglog 


as: a :w<xit : /abin/rcs 
s 0; 0; -A-ni t: / sbir, /r c0 
al:l: r±spii'/!7u /sbin/rc'J 
s2:23 rwait: /sbin/rc2 
s 3; 3 ; i waic; /sbir./rc3 
s 5 [ 5: v;ai t: / abln/i c5 
s 6; 6 ; /stein/rci 

fw l 0 : wait : /abin/usdnir. 
c i; 5; T /;a i t: /sltin/uatfrrir. 


>/dev/iragi »g 2<>/der.7/n»gl®g </dev/ccns«le 
>/dev/ir.sglog 2<>/€ev/msgl*g </d£Wc*ris®le 
>/dsWmsgl»g 2<>/dev/nsglog </d< 2 v/c#ns«l£ 
>/dev/jn^glcg 2<>/dev/jnsglog </der v -/c«ns»le 
>/dev/nsglcg 2<>/dev/magl«g </dev/c#r.a«le 
>/d^v/riHglcg 2<>/d<*v/mggl*g </dev/console 
>/d«r^/msglog 2<>/dev/. < naglog </d®-.//cof:a«l« 
>/dev/jnsglcg 2<>/devAnsgLog ^./dev/console 
>/dev/?nsgl«g 2<>/deTO&aglag </dev/cc\ria:cl« 
>/ de r. r /jnsgl#g ^o/d^Vm^g.Lcg </dev/concole 


rb: 5 : v/a i L: / sbin/ LiadiiL_ii 2 
sc- 234;respauiir/usr/lib/aaf /sag... -t 300 

234: rea^awii:/ uAr-/lib/«af/tjflfcn «-h -p H v uneu>ej=:n 
-T aun -d /c.cv/c«ns*Ic -1 consul'll -:i e m) ttcvurc;a|P : ' 


console lcffim 


% 


Ml 



Feiftrmfng Coot and Shutdown Pr#csdureg 

C«pyrl£it 2*33 Sun r.l£K»ys*e*ns. iuc.Alinigiil^nejerv^d $j n $en.ii**s,%ul£a*n A2 
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Ident ifyin g the Phases o f the Boo; Proc ess 

The JaHowing describes each of the fines in the ini;: tab file in order 

1. Initialise the strcnms modules 

2. Configure* the s<»cket transport providers 

3. Initiatives- the file sy^frums 

4. •eh'nes the default run level 

5. •cscril>E?:ti. a power ftn'l shutdown 

6. Defines ^htgle-user rruxfe 

7. Defines run lfivd 0 
ft. Defines run level I 

9. Defines run level 2 

10. PeJlnes- run 3 

11. Defines run level 5 
12_ Pefines run level 4 

13. #efir«s the HMn*ition to firmware 

14. Defines Ih e t ran^ition to power off 

15. Defines the transition la i&boot 

16. Initialize? the service art^FCvuntmller % 

■*MC^ T 

17. Inif^Jivey the tlyiran port m*nTbar 4 places a command-line 
login prompt to Iheavnsole 

ii- mi:-' 

m ml 



9-14 


intermediate System Administration to* ihe Solaris 7 " SQtesratirttj Environment 

Cnw^h*2«X33lm WbOTyfvm tec. Al fcQKa ttouwved Sot Senizm. «e%s=gnA2 







Identifying the Phases of the B##t Process 


The init Process 


Figure 9-7 shows the proofs of bringing a system to the default run 
level 3 - 

[ " j-nltPhasaPmowss j 

/etc/ J r1 ctab Pil-f? 

~ i 


. Sets irvitda^aMlt Jn 
Run Levet 3- - 

——_ 

' Execute commands with 

■jasysinit entry in the 
j , action field 


Executes commands with 
a level 3 entry In the 
rstata field 

ILi 




/ abi n / aj~ opusln 


/sbi^/aoconfig 


/abin/rc £ 



i—L 

/ Sbin / re 2 

J 




—r 

,/ ah i n / re 3 

J 




—C 

/uaz/life/aar /ss,t 

1 


i 


—( 

/ j e-z / lib/ saf / - tynoin 

1 


Figure 9-7 The inir FroceS^' 


■ 


the following: 




The init process ;read& the /etc/iaiht^iK t'i 

1 - fdentify the initdefault entry/ whiefbaWines the default run 
■ 3. 

2. |gJJ||jfe any process entries that have sy.^ini t in the acizicnfield so 
thrit , 4^y special ihlBMizatLort tan Like place before users log in. This 
incluJIfy. fhe ex ec utio3bin / r c s, which mounts and checks the 
/ (xa^^jg/usr, / var, aAi /Var/acrn file systems. 

3 . Execute any process entr ies that have 3 in the rotate field tmd an 
appropriate keyword in the action field, which match the default 
run level! 3 


The commands executed at this run level include: 


• /usr/5fcin/shut:d*wn - The jnit process runs th# *tr.itdc:™r. 
etouncmd only if the system has received a power fail signal. 

• /sfcin/rc2 - Starts the system daemons, bringing the system 
up into run level 2 (multiuser in ode), 

• / -sbin/rc.3 - Stars NFS and other network resource servers for 
run level 3. 


Perfo/ming *«ot and Shuldtvm Procedures 

Copyright 2000 Son Mcrc&ystems, Inc. All FilQhrlEd. SunSprvi^es, Priori A.2 
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Ide ntifying the Phases of th e Boot Process _ 

• /u»r/-ib/8»t/sac - Starts the port monitors for devices, such 
as ASCII terminals and <wid™. 

• /ixsr/lib/sa£/Ct!^n- Starts the ztyaxm process Lhni 
monitors tlte console Tor logx n requests The default 
termna^.type m all systems as listed in the /etc/inivtab 
file is sun. 
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Controlling Boot Processes 


Controlling Boot Processes 


Hie Solaris OE provides a series ol' run control (re) scripts t# step and 
Start processes typically associated with run levels. 


The /skinDirectory 


Each run level has an associated rc script located in the /shin directory 
Figure 9-8 shaves the rc scripts associated vi th each run level in the 
/ sbin directory and their inode numbers. 


] / (root) 

I— ! sbi r. 


-Si 


zr^iD 14715 

-Cl r47155 ■ 

1 

c 47156 ^ 

rt3 i 


F7\ 

iL ip 

—|§| rcs ( 4715a) 


rc6 { 471 


& » 

& li 


✓ 


Figure 9-8 The /sbi.^ Birectwy With Inode Number* 


Thf rc seripis are executed by the init process to set up variables, test 
c«nditi#ns, and make calls to other scripts that start and stop processes f#r 
that run tevel. 

The rc scripts r cO/ rc5. and rc8 are hand-linked to each oth^r. Notice 
each script is assigned th^samc inode number. 


Performing Cdd; and Shutdown Precedes 

C«*vrKirYt 2003 Sun Microsystems. ire. All SighteReEerved. SunS©rvics<5..Sevi'si*nA 1 2 
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Conbollrig Bool Processes 


The following is an exampleof the hard Knk^: 


* cd /abin 
w Is -i ro* 

47154 rcO 

47155 rcl 


4715* rc2 
47157 xc3 


47154 rcS 
47154 rc6 


47151 res 


The Solaris OF provides the same series of rc scripts in the /ecc directory 
for backward compatibility These scripts are symbolic link files lo the rc 
scripts in the /shin directory. 

The following example shows this connection; 


# cd /etc 

* Is -1 rc? 

Irwxrwxrw* 

2 r\vxr-»vxz wx 
OKTWKTW3C 
IJTOEEWXTWX 

I T^xrwxrwic 
Lrwxrwxrvx 
il^CTTQCtr^X 


1 root. 
1 x«ot 

1 root 
1 r«o~ 
1 r*c- 
1 rccc 
- root 


r##t 

rsst 

r##c 

rooi 

rcc; 

r^ot 

root 


11 Feb 22 14:19 rcQ.;-> . . /sbi.n/rcO 
11 Feb 22 14:19 rrl 'p> < «/sbir./rc: 1 
11 F=-Jb ..22 14:19 rc2 ' L > . .7s»",i Vrc2 

11 Feb 22 14:19 rvt? -> ?. /^bin/rc3 

21 F«b 22 14:1? re5 -> . ^/Mjfn/rc5 

’ ’ Feb 25L 1:4:19 rC6 -> * . fcbin/rc£ 

11 Fee 22 14: 13 rc£ > .. /$triji/rcS' 


loble 9^3 summarizes ihe ta*k? pei fai«ned by each of th^ /sbin rc scripts. 
Table 9-3 Run Ciontro^ccipfs and Their Functions 


rc Script 

Function 

i-'sbin/rcO 

R imn t he / etc / rc 0 . d/ K* ^cri pH ah l \ then the / otc / red . d S ' hl riph> to 
perform the following lv4.s 

* St*p& system services d daem+ie> 

♦ Terminates all miming proceeds 

• Unmountsallfilesy^tecns 

Start scripts should only perform fast system cleanup functio H. 

/sbin/arrl 

Runs the /ecc/rcl. d/F^ ripH to perform the following Li’-ks: 

■ Slops system serviced and daemons 

■ Terminates all running user processe 

* l'nnio\mt3 all remote file s^tems 

* Mounts ah local hie fiysterns t i thv previous ran level was S 
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Controlling Boot F rocesses 


Table 9-3 Run Control ScripW and Their Pune ions (Continued) 


rc Script 

Function 

/sbin/rcS 

Runs the/etc/rc2 . d/K■ scripts and then die /ete/rc2 . d/S* scripts to 
per for rii the following t asks- 

• Mounts all local f )c systems if the prev ious run l«vdl wa$ S 

• Removes any files and subdirectories in the /trip directory 

• Con tigu res system accounting 

• Configures the default router 

• Starts most of die svstem daemons 

r 1 

/sbin/rc3 

Runs the /etc/re 3 .d/K* scripts and then the /eui/iei .d/£* scripts to 
peroren the fallowing tasks; 

■ Cleans up the /euc/dfs/s’.-iaretab file 

• Shares all resources lis tedin the /etc:/d£$/d£*>t.cip Ole 

• Starts the r.f sd and me untc. commands 

\ * 

Note: K scripts are not normally present in the />tc/rc3 .d directory, 
although if they y^rc parent. they would be run. 

/sbin/rc 5 
/sbin./rcb 

Ritns the scripts aa^d tlien tlic /£fce/o:0 ,d/$* scripts to 

perform the following laskfi: v* 4.^ 

• Stops system services and daemons 

. 

• Terminates all pjrtcess-es 

' gig Ip. ^ - (P * ” 

• l 1 amounts all file systems 

\ v 

« StairfliiStipjpt^ tfmt should tsftjy perform fast system cleanup functions 

/sbin/rcS 

'W 

Runs the to,■ . d scripts to bring up the system, to run level S; 

• Establishes a minimal network 

... ■■ 

■ Mounts the /ysr*, /var, flnd /var/adn directories if they are separate 
file systems. 

■ Sets th e system nume 

■ Checks the / (root) und /us-r file systems 

■ Mounts, pseudo file systems (/pr o:: and /d«w £d) 

• Rebuilds the device entries for reconfiguration boo s 

■ Mon n ts <>th er fi 3+> system s thut a re required in single-user mode 


Performir»g Boot and Shutdown Procedures 

C^yriSTit 2PD3 SunMIc-'osyale'na, Inc. All Highla n«ieiv£d. SunSiimL-cx. nuvfs3gnA.2 
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Controlling Boot P rocesse s 


The /etc/rc#.dDirectories 

rhe /eic/rc#.ddirectories •oni^in Mditional scripts that start and slop 
system processes for that run ievd. 


Figure 9-9 show* m example of /etc/rc=_d directories. 

pJ/twoE) 

Lpjezc 

-T~| ^«C! 

LT^kMacy i>t 

- f 3 "! rfiS.d 

"T-Q V^sgrip- 

L_Q 

pH -1** 
npQ K^^*r:rJpt 

L-0 

-n td2 ■ u 

T-Q Xj^ygript 

Lq $^*cri|ht: 

-Q rc2. ii 

L-Q S^tegrip" 


Figu*£#-9 l'litf /ere/I 


Dinvtories 

, - Sy/ 


For exajr£p*\ ate%c/rc2 contains scripts to start nnd stop processes for 
ni Ievd 2- Tie lollop ing +\itput shows a partial list of these scripts 


* Is -1 Zetc/rc2.d 
{SAL^ne cutputijgmrdtt^d) 


rwxr—r— 

•w- ... 

& £OOt 

sys 

344 

Jun 

19 

16 :56 

K06mipa$ent 

-rv;xr—r- - 

6 rcct 

ays 

494 

iTun 

IS 

17:27 

KO?srxnpdx 

—r— 

6 root 

sya 

2723 

Jun 

13 

17:00 

K2Bnfs.servier 

-rvoar _ it— 

2 r«ot 

«y? 

159? 

Jut 

19 

17:00 

S20sy3etup 

iwxr—r— 

2 ^oot 

sys 

98? 

Jun 

19 

17:12 

S21pe^f 

-rvxr xr-X 

2 raat 

ocher 

1995 

Jun 

25 

00:93 

S30flysis,net 
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Controlling Boot Pfoetuses 


Start Run Control Scripts 

Ihe /etc/ixut.d scripts are alleys run in tbesurt order shown by 
the Is command The files thdit begin -with s arc run Id start a system 
process. These fcy;ripts are called by the appropriate /sbin/rc* jind this 
script passes ihe argument"seexe" to them if their names do noi end in 
. sh. There are no arguments passed to , sh scripts These files have names 
;n the form of: 


nf -script 


For example, the script that starts the line printer (LP) processes is ruuned 
SlO.j- 

Stop Run Control Scripts 

The /‘ETjc/rcf , d stop scripts (also referred to as the kill scripts) are 
ai«ray^s run In the sort order showm by^the Is eoaunand. IWhles that 
begin w ith K are run to slop or Ml a system p(*c_y*s. These scr ipts a re 
called bv ihe .ipprupriste /$h<n/rc£, and this script panels the apsuprieni 
"sTcp’ r to them if their mrnes do not end in .slu 

These files have nnmefc in Hil-fyrm.of: 

X#7?na*T>£-*f-s£i ij*' 

Pi>r example, the script that slops the IS'FS server processes is called 
l:2£nfs. server. 



Note - File that begin \dth a lowercase kors are ignored by the 

in _t proce^ and they are not executed* To disable a script, rennme it 
with the appiopriatc lower<*$e letter. 


&«2i 
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Controlling Boot Processes 


The /etc/init .d Directory 


R*m control script are Located in the /etc/init,d directory. 


The files shown in Figure $-10 are hard-linkod to corresponding run 
control scripts in the /etefres. d directories. 



Figure 9-10 TltO / ecc, inir. d Direct 


Hie run control script /etc/iritLL. d/cron is hard-linked to the 
corresponding run control script /ezc/r<c2 . d,;§375cron, as sho wq by the 
Is commands: 


4 cxl /etc/init-d 
it Is -i cron 

H7$404 cron 

t* cd /ebc/rc2*d 
# Is -i 375cron 

176404 S75c^#ti 

The benefit of having individual scripts far each run level is that you can 

run scripts in ihe^/etc/init. d dxrectoiy individually a* the rc*L user, 

i & 

You can stop a process or start a process without changing the system^ 
run level. 



For example, to stop and restart the UP print services/ run the following 
!KTi|>ts with <i stop or start argument; 

ii /etc/Lnit,d/lp stop 
* /«tc/i_nit.d/lp start 
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Controlling Baat Processes 


Creating New Run Control Scripts 


You cm create new scripts ta start and slap additional processes er 
services ta customize a svstem. 


Far example,, to eJiminate the requirement far a manual start of a database 
server. Vau could create a sciipt t# start the database server automatically 
after the appraprlate network sendees have started. 

Yau could then create another sciipt ta terminate this service and shut 
dawn the database server before the network services are stopped. 

To add run contivil sciipts to start and stap a service., eremite the script in 
the /etc/inj.L ,d directory and create U&k ; s in the appropriate 
/etc/rc£.c. directory for tire run level in which thc|e%ice is to be 
started and stopped. '' * "■ < " 


Refer ta the In each /etc/rctf. 

inforrruitian on .. Inn contial scripts. 



. directors for more 

- 


f 


The following ippeeduie descries haw to add 0 fun Contn.il script: 

1. Create the scii^ln-tliq d directory. 

vi /etc/init-.d/fileflaroa 
cbmod 74.4 /dtc/init.d/filena^ 
eh^rp ey« / etc/iiiit ^ d/fi2«naute 

2. CiMlie links to the appropr.ate /etc/init, d direct ay 

$ cd /©tc/jnit.d 

# In .fidenana /ate/ ilenaroe 

# In misname /ate /l 

■3r |§J.6£ tips ctCTunand txj verify tliat the script has liitks in the 
app/opriate directories. 

4 lc -li /etc/iait.d/fiienaD^ 

# l* -li /etc/rc#.d/s##£i2anaw 
Is -li /atc/rc#.d/K##fileraa« 

4. Test the filename by perforating the fallowing t:ommat^ds:: 

# /etc/init. d/£ilenarae start 


P*rfarmlni Boot arxl Sihuldov/r Procedures 

C^ixyripTic 2**SSm Mk:r\x?y.st8ms- Inc-. All Rights Reserved. Sun Services. A.2 


9-23 






Control n g Bo ol Proces ses 



Rgurv9-)] shows the rujvlevtH transitions that od’ur during the process 
of a system btxrtup or shutdown* 



H^urc^-H Run-Level Tmn^its. in^ 



Note - Tin* ~?j - and reboot commands showii in Figure. 9-11 do not 
process the in it. tab file A9 the init <md shutdown command?, do. Ihe 
ir.it and sh-^tdev/n con v tmax\d& the preferred methods for 
transitioning between ntz\ states, 
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Performing System Shutdown Procedures 

Performing System Shutdown Procedures 


V#u can shut down the Solaris #E lo perforin adttii nistratii>n tasks or 
maintenance activities if you are anticipating a power outage or if you 
need to move the system to a new l#c?tjon. 


The Solaris OE requires a dean and orderly shutdown, which stops 
processes, writes data in cne/nory to disks, and urun*unts file systems. 


•f course, the type of work you need to do ivhile the system is shut down 
determines how die system is shut down <vxi which command you use. 



The following describes the different type?? of system. shutdoiv'iis. 

j4| * 

• Shut down Lhc aystem t+ single-user^mode 

• Shut down the system to sto^fehe Solaris OE,and display the ok 
prompt 

• Shut down /the ^^lem and hizrjgoj^ power; 

• Shut down the system and autoirSAacfily reboot tomu]tiuser mode 

Ihe commands lable to die roob&ser for these types#>f system 

shutdown procedures include: 

• fibiri/ipit (using run levels 5, 0, L 5, or 6) 

• ' ■'usr/sbin/shut dovsTn (using run levels S, 0/1, 5, or 6) 

w }l sr/sbin/halz 

■ # j l| : jlipsr/sbin/ reboot 

• ?iisr / sbin/powerof l 



Note - ihe lr.it ctmnund accepts more flrgumen* than those listed 
here, Ihese argument are not listed here because they die outside of the 
topic of system shutdown procedures. 


Performing e«ot and Shutdown P^coedures 

Ccr^rfght 2E03S u n Mbfosysi^rn:*. ins. All RigMs Reserved, Sun^Br^lsen. Revision A.2 
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Performing System Shutdown Procedures 


The /usr/sbin/init Command 


You use the init command to shut doum, pewor oft, or reboot A syslotn 
in a chvm ; : md orderly maimer. It executes the rcO kill script. However, 
thia. command ik/e&not warn kigged-in u&ecs that the system is being shut 
down, and there is no grace period. 

To shut down the system to single-ufiur mode, use either run level S er I. 

* init S 


it init 0 


w iadt 5 


# init 6 


To shut down the system lo slop the Solaris OE and display the ok 
prompt, perf •im the Command: 



To shut down the system and turn its p^er a ff r perform the conuiwid: 


To shi.it dewn the sy sterna nd thei\rdfH>c| to multiuser r^tfde, perform the 
LVtmtmnd: 


t 


The /ii^r/^b^/shutd#\'mCornrT^aRd 


Thesh-.td6w^:i»timnnd is a script the it invokes the init daemon to shut 
down, power dif P or icboat the System. It executes the rcO kill scripts lo 
shutdown processes and applications gracefully. But unlike the init 
coffinw^^A# shutdown command does the following: 

# NollfUilll kjgged-ln u9er^ Ih^ll the system is being shut down 

9 Detoys the shutdown fo c 60 seconds by default 

• Enables you to include an optional descriptive m^Eage fci inform 

vour users of what will transpire 


Tin 1 command format for the shutdown command is: 

shutd^in -y -g grnc^-z-^rizd -i iniTz-st^te 
cptlcn&J. 


The -y option pic.wiHwers the fin^l jhutdo^Ti c*n/hmntion question so 
that lhe ccxnmand runs without ]/aur intervention. 
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Performing system Shutdown Procedures 


The - c= girace-perioil allows you to change the number of seconds from 
1 he 6#-scoond default 

The - ] 122it-state specifies the ru»-l«v«l that the inic process is to 
attain. By default, system state Sis used. 



Note - If the sh\:tidowr. command displays the error message 
"shutdown: ' i' - flag," it indicates that tlieshell hcis 

located and executed ihe /usr/ucb/shucclo^vrj command. Reissue th* 
command using its fu]] path (for example, /usr/sbiivVnutc.orim), or set 
the variable to ensure /uer/abin comes before /usrvueb. 


To shut down the system to single-user joode r enter the shutdown 
command without options 

# shutdown -Jft, I 


To shut down the irorapi Idgfeap the Solaris Ob, ard dispjjty the ole 
prompt, perform the rSnm^^: 


# phutdewn -iO 


To shut down the system and turn -<$ its pcftver automatically, perform 
-...Ag command: 

'•Mllf ®f M 

# shutdown -±& 


I 


Tc>pW: d OWti the system and then icboot to multiuser mode, perform the 
command: 


# phut^owi §“i6 


The -i option can be used with other command options. For example, lo 
shut down the system and then reboot to multiuser mode, answer yes to 
the questions presented, pi^ovide a »race period of two minutes, and 
provide a menage bo the users, perform the command: 


# shutdown -y -gl20 -i6 v, 32\o «yst«ca is bains rebooted" 


Pei forming loo): and Shuldown Procedures 
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Perfor m ing Sy stem S hutdow n Procedures 


The /usr/sbin/halt Command 


Jhe rial t command perform?; an immediate system shutdown. It does not 
execute the rcO kill E»cn'pts- It doca not notify’ loggcd-in users, and thtire is 
no grace period. 

To shut down the system, stop the Solaris OE, and display the ok prompt, 
perform the command: 

r hAlt 


The /usr/sbin/p*wer*f f Command 


4 poweroff 


The command performs an (nrmediskeshutdown. It doefc not 

execufcr the i~cO idU script It does oo* naufy fogged* m users* and there is 

no grace period. 


'lo shut down llm system and turn off it! 


ower, perform the conuruind; 


V 


The /usr/sbin/rebo#t Command 


The command performs mi immediate shutdown and 

ivinitiali^feqn, bringing to run level 3 by default. The- rsfcocC 

commandlwfers frerti the 6 command because it does not execute 

the rcG IdU Mbfipty 

i> "5| | 

To^^t down ^'system and then reboot to multiuser mode, pedvrm the 
re^o^^omuKiiid without options: 


4 reboot 
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Performing lhe Exeraises 


Performing the Exercises 


You have the option to complete nay one of tluee veraons of a lob. T# 

decide which to chouse, consult the following description*. of the levels: 

• Level ). - This version of the lab provides the least amount of 
guidance. Each buheted paragraph provides a taek description, but 
you must determine your own way of aixomphshing each tnsk_ 

• Level 2 - This version #f the Jab provides more guidance. Although 
each sfcep describes what you should do, you must determine the 
commands (and options) to input. 

• Level 3 - This version of the lab is the to accomplish because 

Ccxhstep provider exactly what y«u should input to the system. This 
level also includes the task solutions for'all Ltwec kvela 






Pertomninf Em and Shutdown Procedures 
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Exercise: Conti , n e Boot Process (Level H 


Exercise: Controlling the Boot Process (Level 1) 


In this exercise, you create A new startup soipt, make change* in the 
/etc/systero file, and observe their effects. 


Preparation 


Refer to the lecture note* as necessaiy to perform the tasks lifted. 

Your instructor should provide you with instructions on how to obta in a 
script colled "banner" thm wilt be used during this exercise 


Tasks 


Complete the following tasks: 

• In the etc . vz 2 , d directory, create athaid link tu the 

/etc/init Hie, called S22bannejr. In the /erc/rcS.d 

dirGtt\>ry, ovale link to the /etCr r iniL.d./l>Ljni^_r ftte called 



System to run level S, on d verify that k Wiener runs. Change back 
|||; nm level 3, Make a hookup copy of the /etc/systein file. Gveck if 
^Wiy instances fit the d^-erare loaded. Modify the /orc/syste.'U 
file to force-load the st driver. Reboot the system, and verify that st 
dri^fr instances arc loaded. 



(St^& 6-10 in the Level 2 lab) 

1 ' 


• Edit the /etc/syst^r file to exclude the boot disk driver for your 
syatem (either did or sdk Shut down the system lo run level 0/ and 
attempt to boot it, Make note of what happoxs. Interactively bwt 
VT>ur system, and return i t to an operational state. 

(Strps 11—14 in (he Level 2 lab) 
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Exercise: Controlling the B««t Process (Level 2) 


Exercise: Controlling the Boot Process (Level 2) 

In this exercise, you create a new startup script, make changes in the 
/et.c/^yst.^r. fj.le, and observe their effects. 

Preparation 


Refer to the lecture n«tes as nc:*>ssary to perform the tasks Misled. 

Your instructor should provide you with instructions on how to «btaina 
script called c-arner that will be used during this exercise. 


Task Summary 




In this exercise, you^com^lish the following: 

• In the /etc/r 02 .%dipettgay, erfekbe afyrrd link Lo the 

/etc/ init ,d/fcsmel In the /Gtc/r^S 

directory, create a hard lirifeto die ^pc/inic. file called 

K99ba.nr.er. 

• Reboot the system, and veriffehat S&atoaianer runs. Shut down the 
system to rim level S, and v ify that K99banner runs. Chan ge back 
hi run level 3. Make a Inackup copy of the /etc/systerc file. Chock i{ 

liltg. . any instants of the s t driver are loaded. Modify the /etc/sya^en: 
file to fon$*-load the driver. Reboot the system, and verify that gz 
driver instances are loaded. 

thfiflfstc/syscerrfile to exclude the b«ot disk driver fervour 
Either dad or sdk Shut down the system t« run level 0/ and 
bbPt it. Make note o f what happens. boot the 
using the -a option of the bo®t command. Use your backup of the 
/efcc/sysfcesEi file as required Replace the /etc/syscsn file with 
your backup when finished, and rcb««t the system. 


Per timing Bottand Shuidtwn Prtctiures 
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Exercise: Controlli ng t he Boo t Pro cess {Le vel 2) 


902 


Tasks 


Complete the following steps: 

1- Log in &> the roet user, and open a terminal window. Change the 
directory lo /etc/ir:it, ct Make sure that the banner scrip! vour 
instructor provided you is preschl and executable, 

2. Verify that the script runs with both the start and arrgumenis. 

3- Change the directory k> . etc/rc2 .d Create a hard link called 

£22ban.ner that points to the same data as tilt) /etc/ink.. d/banne^ - 
file. 


4- Change the directory to the /ete/rcS .ddiicclOry, Create a hard link 
called K99 c^rrjer that points to the same dau the 
/otc/ir.it. d/kannsr file. 

5. KebODl the system, and watch for the-output Of the%criptyou just 
installed. 


Docs the startup message from S22kanoer appear? 

Log in as Lhe root user, yid *pen a terminal witujajti, Use Lhe inii 
command to change to riSn level S. 

Does the shutdown from K99rai7rer appear? 

Type the p®$**otd for the root user to log in at the command line 
Change to run level 3. j ■ 

Log in *fi u&?%<md open ^terminal wii 
directory 


1 window. Change the 


f Make a bactep copy of the /otc/systen file, and name the backup 
flle^^ten.crig. 

II. If your astern uses a SCSI tape devdee, perform the following: 

a_ Log hi as ifw rocr user, and open a terminal window. Use the 
pixoan f command to list instances of the sc driver currently 
loaded. 


How many instances aire reported? 

b. Eld it the / ets/sy szeici file so that it includes the following line: 
toree-loajA; drv/st 

l'hen reboot the system. 

c. Login as root, and open a termuial wdndow. Again !ist 
instances of the s- driver currently loaded. 

How many irwddnces are rcjH>r1ed? 


l rt fe nwe tfa w System A(t?insW»i toctfieSo4cVte'“ 
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Exercise: Controlling Ihe Bool Process (Level 2 ) 


11- Edit the /etc/sy*K«n Hie so that it excludes the main disk driver for 

your system* 

On system* using SCSI disks, add the following 
exclude; drv/sd 

Qi systems using IMdisks, add the following: 
exclude; drv/d &4 

12. JShut dcnvn th<‘ system to run level 0, and then attempt to boot it 
again. 

What happened? 

13- Use the beat -a command to b#at the system, and supply t he nnme 
of y*ur backup file called etc/tent + |3j| ^note there is Ml *\ 
leadingsliVh lathe etc). Press the JLcfurn legy toaccepl the default 
valuer for all other boot parametcrfil for example; 


o.< boot -a 

£n_er lkemel/ipArcv9/anix 1: ^nim> 

Hnter default dii^ctory ferjncaQules ^l&plaLfcwm. ..It <R*tur: 
3lanG ai f:- <? lece/oyicoal: atc/^y^tesa.orlgr 

root filesysior. typ^ (uf k j: <2Wt.urn> 

Kr.ter physical -inf at rcot devige - - - i ; <3tetum> 


14, Log in ,xi tlie root: user, and open a Wnmnai iv:ndow. Copy the 
/etcr/systerr.orig file to tire /£tc.^:st«:ifile. Reboot thc> system. 




Pe^rming Boot end Shutdown Procedures 
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Exe rcise: Co nt rolling ihe Boo( P roc ess {Lev el 3} 


Exercise: Controlling the Boot Process (Level 3) 


In thi* exeicise, y#u create a new staxtup script, make change in the 
/etc/systecn file, nnd observe their effect*. 


Preparation 


Roft>r to the lecture notes ms necessary to perform the task.s lifted* 

Vour instructor slxnuld prov ide you with instructions on how to obtain a 
script called bar ner that will be used during thfo exercise, 


Task Summary 



In lhis- exercise, you agagfnpJiKhthe following; 

• In the /oic/rc2 -c. dimlmy, create a hard link to the 

/<5t.c/init.d/fcann»r file, called 53£JgHttl&x< In the /^Le/ircS.d 
directory/ link tO :: lho /echini t, d/banner file called 

K««j»aniu4r. 

• Reboot the ,sybtan^ and verify- ihot S22 banner runs. Shut dawn the 
^v-stem tPMm level S, and verify that EMb^n/**- runs. Change back 
to run level 3. Makef*i backup copy of the /eLcx/svsterc file. Check If 
any instances of the at driver are loaded. Modify the /eccf/«y»ten 

file 10 foice-kxid the st driver. Reboot the ^YStenv and verify that st 
"" loaded. 



• Edjfthe /e&c/systGu file to exclude the boot dtak driver for your 


system (either dad or sd), Shut down the system to run level 0» and 
attanpt 16 boot it Make note of what happens Boat the system 

using the >a option o/ the boot command. Use your 1 backup of the 
/erc/syetean tile as required. Replace thi> /etc/syst-.esn file with 
Vour backup when finished, and reboot Ihc System. 
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Exercise: Controlling the Boot Process (Level 3d 


Tasks and Solutions 


Complete the following steps: 

1. Log in ^ the root user, and open a terminal window, Changit the 
directory to /e "c/ixut. cL Make sure thfit the kannex script your 
instructor provided y«u is preset and executable. 

4l cd /etc/iiiit.d 
# la -1 banner 
chn>od 744 battTVfftX' 


2. Make the banner script executable, and verity that it runs with b»th 
the start and atop rxr^uments, 

# . /hflnnpr stait: 
w ,/taaromr scop 

3w Gvrnge I he directory to the /etc/r*?2_c directory, Create a hard link 
called S22baroe>' that points to the same data as tile 
/etc/init,d/bar 3 *er file. 

# od /etc/rc2.d 

w In /etc/ini't.d/bannar S22banner 

4. ChaOge thediredory to l habere/res. ddirectory. Create alwd link 
called JOTbJinner that point^"to-the same data as the 

/etc/ inis, d/oa.nner file. 

# cd /etc/rcfiLd 

V Lit /etc/init + d/hama#r K99feannor 

5. Reboot the system/ and watch for the output of die script you just 

i n-ji'tri lied, 


# init 6 


Ooee tbj$ startup menage (c+m S22barmer appear? 

Y& 

Log in as the root user, .-wdopen a terminal window. Use the in it 
command to change to run level S. 


f init 3 


•ocs the shutdown message from K99btinner appear? 

Ye*. 


7. Type the password for die root u&erto leg in at the command linr:. 
C'.hangv to run level 3. 

it init 3 


Pei^rmifvg Soot add Shutdown Procedures 
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Exercise: Contr ol ing U te Boot Proce ss (Level 3) 


3. Log in as Lhc> roet user, and opm\ a terminal window. Change the 
directory to /etc. 

|i cd /etc 

9. Make a backup copy of the /erc/systenfile, and name the backup 
file 9 y 9 terr,,orig. 

4 r cp sy^tera eystan.ocrig 


10. If your sJ'Utem uses a SCSI tape device, perform the following:: 


a. Lo^ in a*< the root user/ and open a terminal window. Use live 
prtcoti* command to list instances of the Gt driver currently 
loaded. 


^ pitermf J grep "st r instance" 


h. 


* inlt 6 

k. 


tt prtcoaif gr^p “at# 





How many instances are reputed? 

•Voire 

Edit the /fltc/systen file so dial it incudes the follow in g line: 
iorc&lcid: drv/3t - 
liken rcbrml ll>e system. 


{$ 'tet 

Log in as root., ond open a terminal window Again list 

instances of the at: driver currentlvjoaded. 

• ■ '! s 


instance ' 1 

J low many in^irtru^es are^e^iiited? 

The number vari& 'depending on how many SCSI controllers a jr 

You should &■* Instances 9 through 6 for a system with ene 
control lor- 


11- Edit the /ctc/systemtileso that it excludes the main disk driver tor 

yvur svsrttm* 

On systems using SCSI disks* add the following: 
exclude: drv/sd 


On systems using IDE di$k&. add the following: 
exclude: drv/dad 
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Exercise: Condoling th e Bool Proofs (Level 3 ) 


12. Shut diwn the system to run level 0, and then attempt te beet it 
aga'uv 

tt shutdown -y -i0 -gO 

(shutdown ineasaf*-} 
ek boot 

What happened? 

TTtosivstoa )$ itiutNe to boot Exchtd'mg this driver prr^nh you front tndttg 
the hoof disk so ii>tig as you use the same /“Oo/systear./i/r. You ntitsi hoot 
osbtg ii$e -ac rptxw to ve Me to supply an alicrmtii'efik for the 
/et c/systenijfc/f. 

13. Use the deet -a command to boot the system, and supply the name 
uf your backup file called etc/systercu oriff (Note there is not a 
leading slash to Lite etc). T’mss Return to accept Che default values 
for all other boot parameters. her temple; 

ek boot -» 

zXizer filcnar&e rkferxisl;?pa-cv5)/uni^J; <Ret %im> 
znt.«r default directory fer nodules I /platfam, , , J |l<K*tura - 
Ksme of systen file letc/systeoo]; etc/*ystem.cx£d# 
r^ot i i esystCT rYPe [uf si . <Rstum;> 

£nL«r physical name of zeot device <Fetum> 

14. Leg in a$ th*.;rcct u*ex> andep^n a tormina! window. Copy the 
/>ic/systan,orig file to the /«cc/|ysfetn filL\ Reboot the system. 

# vd /etc 

3 cp system .curi? system 

# init 5 



Performing fttet arc! Shutdown Pfooed u/fes 
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Exercree Summary 


Exercise Summary 



Discusginn - Take a few mi/mtes to iliacuss whiit experiences, issuer or 
discoveries you had dur n\g the lab exerriae. 

• Experiences 

• Interpretation 

• Conclusions 

• Applications 
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Module 10 


Performing User Administration 


Objectives 


Upon completion of this module, you sh#*iid be able toe 

• I describe tts#er admimsirniidn fundamentals 

• Manage user account' 

• Manage initialization Tiles 

The following ocuunse map shows hovv this module fife into the currtTit 
instructional goal 



Performing User and Seeu^y Administration 


llii 


««l £ Performing 

U«r 

<VJmlhlclriH:t>n 


' 9: ~ V 

xr' 



Figure 101 Course Map 
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i n tradu cing lis^r A dmi nistrat ion 


Introducing User Administration 

An important ^yslem administratTon task is setting up user account for 
each user who requires system access, Each user needs a unique account 
name:, a user identification (LID) number, a home directory, and a login 
shell. You aJso have to deterwve which groups a user may access* 


Main Components of a User Account 

Tho following t* a list of tlie main component of a user account: 

• User najiKt - A unique name tlMt a user entei's td log i n to a system. 
1 h*- user name is also called the login name. 

» l K dsswo/*t A •ombutahun of six to eight letters, numbers, or special 
i haraelcrfl ihat a user enters with the login name access to <i 

System. 

• UIB number - A user ac«9unt'$ unique rUiritetical identification 
within llte svstem. 

" f> 

9 Croup identification (GIB) A. unique nun^n cal 

idenii:ication 9f the group to which die: user, belongs. 


- wM a user to predefined gisa^ps listed in the /etc/group 


Comment — Information that iden titles the usee. A comment 
gersg&aHy contains the full name of the user and optional 
iniofeatiun^uch an ti phone number or a location. 

User's home directory - A directory into which the MW is placed 
after login. The directory is provided bo the user to stem* and creak* 
files. 

User's login shell - 7he user's work environment is scl up by the 
initialization fdes that are defined by the user's login shdt- 

P ass word aging — An optional feature to require users io change 
their passwords on a regular basis. 



T§-2 
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Introducing User Administration 


System Files That Store User Account Information 


The Solaris™ Operating Environment (Solaris OElMore* user account 
group entiy information in the follow h£ system files: 

• /QtC/p«6V*d 

• /etc/sh&ao'/; 

• /etc/proup 

Authorized system users have login account entries in the /etc/0&*w\ 
file. 

The /etc/shadcv; file is a separate file tiiat contains the encrypted 
passwords. To further control user pas^wfcrds, you cart enforce pit SSword 
ag/ng. Thb information is maintained in the /^tc/shadfttt J : ile. 

Th* /etc/group file defines the default system group entries. You use 
this file to ensile new group entries or modify ousting group entries on 

the system- 


The /etc/paaswdFfle 



edlili|j- : thib file directly. In&tela you should use the Solaris™ 

' iSaffi^oinnt Console or command-line tools to inainluLn the file. 

; 

The following a n example of an /e^c/passv.’d file lhaL contains the 
■ entries. 



dAencri: x fT n i h? z 
bi n: x ^ 2:2/bi nr 
sys : jci3:3= ; / ; 

a(k;X;4;4:^ALLfl:/var/a5n: 

lp::x:9i ;$;Lir_e Printer Arsuni/usr/spocl/lp: 

\L?cpzxz5z5 muep Afr\ in: /usr/ lib/—cp* 

ni^uCFtx :375 7 UUCC Aidiii:/var/SPOO-/uUCppublic > :/U 3 r/.ib/uucp/uucico 

srunsprx] 25] 25: s-em3Wai 1 Message Sitoussicn Program; /: 

listen; x;37;4;Network Adwiru /uRr/n*r/ni.s: 

nr^fcooy Mooo &/: /; 

noaccGSS :x;£DOC/! :N* ACCfcas User;/ ; 

ticbcdyi :>r :65534: 65524 :SunOS 4.x Nobody:/; 
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Each entry in the tile contains seven fields. A colon 

separates cV50h field. The following to the format for on entry: 

ICyi^IT: --X" C/U; GJT r ccyar?y«n£. hcssGjU r*c* rcry: i 

Table 10-1 defines the requirements for each of the aeven fields. 


Table 10-i fields in the /eic/pass;*d File 


Field 

Description 

iogrijjJD 

i 

Represents the tier's l#g!n name. It should be 
unique tueach user. The field should contain a 
string of no more than eig t letters (A-Z, a~z) and 
numbers (0-y). The first chacHder should be a letter. 

, and at least one character should lo^tiase. 

i W im 1 r 

Note - Even 1hough somg pfogramFaijow a 
maximum of 32 characters, u> well a*> user narrv^ 

1 that contain penod^y*), underscores (J, and 
hyphens |~ 'fr thi s prince is nOt recommended and 
| might cause problems with other program. 

X 

Represents a placeholder for the user's mcr\ pted 
pftfWwordf^whii h t> kept in (hr /etcv shadow HLe. 

VIS , A 

««. j 

i 

Contains the LTD number used by the sjreiem to 
identify Ihe user. IJJ# numbers for users range 
from lQt to bOOOO. Values 0 t mug 99 afO reserved 
lor *y^rtem m'eunls. UID number 6§U0 1 is reserved 
for the r.cfc:r/ account UID number 60002 is 
reserved for the noaccees account. While dupl icate 
LTD numbers arc allowed, they should be avoided 
unless absolutely required by a program. 

Note - The maximum value for a UIB is 

21474836*7. However, the UIDs over C-fOOO do not 
have full utility and arc incompatible with some 
Solans OE features. Araid using UTPs over 600FD 
<*o to be compatible with earlier versions of the 
operating environment. 
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Introducing User Administration 


Table KM Fields in the /ecc/P^ssvsd file (Caitiimed) 


rieid 

Description 

OID 

Contains the CIO number used by the system \o 
identify the user's primary group. GID numbers for 
users range from 100 t+ 60000. (Those between 0 
iuid 99 arc reserved f r system accounts,) 

€OiXS.\XiZ.'t 

Typically contains the user's full name* 

r fc r 01 y 

Contains the hill path name to the? user's home 
directory. 

-pj7irusiicii 

l>etines the u er s login shell. There arc $ix possible 
login shells in the Solaris OE: the Bourne sheik, the 
Kum helL the C sheli the Z shell, the BASl l shell/ 
and theTC shell. 


Table 10-2 shrtws the default system account data lor entries in the 
/^tc/F^ssvd file 


Table 1#-2 Default System Account Entries 


User 

Name 

User 

ID 

Description 

root 

c 

The „ accou nt (hat has access to the entire system. Il 

. has .inu^t liOT^shicrions ond overrides all other logins. 

\ protections,. and permissions. 

daemDr. 

1 

The system daemon account that is associated with routine 
sy^&m tsskfip 

bin 

2 

The ftdmmtatr Alive daemon account that is associated with 

furtaiftg system binary files. 

ays 

3 

The administrative daemon xii; count that is asstH inted ndth 
system logging or updating files In tempo™ rv directories. 

nerr. 

4 

The admi ni^tra 1 h e daeirn *n account that is jfiftooa ted «rith 
sv’stem logging. 

Ip 

71 

The line printer E ip) daemon account. 

UUCP 

5 

tin- 1 daemon account associated with UNIX*-tt)-U\lX 

Copy Prolc^ol (ETXp} functions. 

IlULLC:p 

i 

6 

'1 he iU L CJiiiit that la used by remote systems lo log in to the 
host and start file transfers. 
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Introducing User Admin istration 


Tabic 10-2 Default System Account Entries {Continued} 


U5er 

Name 

User 

ID 

n 

Description 

s.mssp 

25 

The s^ndn-^il nvs&age Submission daemon accounL 

listen 

37 

Hu- m it work listener daemon account. 

nobody 

$oca: 

1 The anortymtfti* user account that is assigned by a 

Network File System (N'F5) server when an unauthorized 
root user makes A request The npjtsuy user aoco nt is 
assigned to software processes that do not need any special 
permi scions. 

noaooess 

60002 

The account assigned to a user or a pnxv^f thatnecdb 
access io a system th ro ugh som v application i nstead of 
thjrvufcb n system login procedure. 

n obody4 

(H5534 ^ 

] fii! etjumyninuy user account that is the SLmOS rfr! 'i,0 or 4.1 
atiilWAfte version of the iig^ody acc ount 



Note - The nobody accourct^fcures NFS|p?souj\:e&. When a u?*r is lagged 
in as soot on on NFS dient and attempt* to accq^ a remote file resound, 
the UTD number changes from 0 ho the U1D of nobody (60011) 


■ f&A 

The /tetc/shadow File 


Due to the critical nature of the /etc ah&kurtile, you should xefroia from 
editing it dir^tfly. Instead, maintain the fields of the file by using the 
Solaris ^lUigemcnt Console or command-line luote. #nly the root user 
can read the / shadow file. 


The following is an example /eLc/shadow* file that contains initial sy’slem 
account entries. 


root; 5P,iJ3.yvdG3kU:€445; ; : - - - 
de«ni»n:t-JP:644 5 :::::: 
hlr.;NPr^44S; ; : s : 

^y?:rvPT6445 
a<5m:NP; 644$: : : : : ; 
lp:r^P;6445 ! ! ! i ; ; 

UUC*:NE:*44b :::::: 
nuUCP = *£ > -6445 :: • r - r 
smsp:>:i>7 4445 
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Intro uctng User Administration 


1 i Q rjFT ; *1^7: 

nmt&arj-lcP.Ga&b : • • • j j 

nQ£COess:NP:S44S ::: f:: 

4;'?^?:£445 

Each entry in the /etc/shadrw file contains nine fields A colon separates 
each field. The ninth ield is r served f«: future use and is not currently 

UfC 

Follow is the formal of an entry; 
lcg±i2lDip££$-;rvrd‘ izstcilGwdniiC&xiMarn: inactive: expire.- 


Table 10-3 define** the requirement roach of the eight fields. 


Table 1 (F 3 Fields in the /etc/shade^v Pile 


Field 

Description 

- c*?izzii* 

Tin- uses'* login name. 

ttSSMOFd 

A 13-character enca^pled passw'ord, The string 
*LK- indicates a lodged ackguut, and the string 
ftp indicates no valiS p^werd. Passwords mmit 
be i^PPSt/ucted to meet theTollowing 
rt^ufhfeients: 


Ifooh password must be at ledst six characters 
and contain least two alphabetic character!* 
and ait lea t •ne numeric or special character It 
cannot be the same as the login ID or the reverse 

Of the login ID. 

iastchg 

The number •( days between January 1,1970, 
and Iho List password modification dnitf. 

ISj f T1 

The minimum number irf days required between 
password dvin^es. 

max 

The maximum number of days the password ifc 
valid before the user is prompted to enter a new 
password at login 

vsm 

Hie number of days the ustr is warned before 
the password expires. 

inactive 

1 he number of inactive d ayn allowed for the user 
be; iVi re the user's account is locked. 


Pef<OFm*[Ji9 User Administration 

8*a Ml fcWAy*®»*v kg, AU^i^is l 


10*7 
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Table 10-3 Fields in the Hie (Continued) 


1— 

Firld 

Description 

expiro 

1 

The due (given as number of days since 

January 1, I97\)) when the u^r account expire 
After the date i* exceeded, the user can no longer 
log in 1 


The /etc/«jrcupFlle 


Each user belong to a group that is referred to as the user's primary 
group. TheGID number located in the user's account entry within the 

/etc/pfiFSw?7 file,, specifier the user's primary group. 

Si \\ 

Each user can also belong to up to 15 addiftorval gnuip^known ns 
secondary groups- In the /etc/grou^ file, $#u can add users to gmup 
entries, thus establishing the user's secmdaiy gjoup affiliation^. 

I'll** following is an example of the in an .^tc/group ^ 1l - : 

r##t: :0 rrocc 
other; ; 1- 

han: : 2 : rrot, bin, clg.«nr>r 



sys:: 3: r#ot- w bin,^ys,^cns 
eMt: : 4 : root, aAj;, dA«non 
uucp: : 5 : root f !| ;: 

mil ; ;6 ;r«#t 
tty: : 7 :r*«c,3jc2* 
lp: : 8: root, lp,adto 
nuucp:: 9: ro»c, nu-iip 
staff 

•iaenon!:: 12; root 
sy^adttim : 14; 

c-rmcp * :25;SHIEp 
nobody: :6C001: 

mtaccttBS; 7 6D0D2 : 






tiogroup; :£5534: 


Each lineentty in the /etc/grouP file contains four fields. Action 

character separates each field. The following is the format fuc an entry: 

gr^Uj. -i .*JU.rr : CJTCfUp-pit'Si zQT^: UCCl "-±1X63 1 1 F ** 
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Table 10-4 defines the re uirements for each of the four fields* 


Table f*-4 Fields in the /eLC/y^eup File 


Field 

Description 

grsupz?acse 

Contains the name assigned to the group* Group 
names contain up bo a maximum of eight 
chnrnelcrs. 

£_rc\L.p -pas&tttXl 

Usually contains an empty held or an asterisk. 

This is a relic of earlier ver ions of UN X, A 
gfOup^pas w#rd is a secuiity hi>lc because it 
might allow an unauthorized user who is not a 
member of the group but who knows the group 
password, to enter |h^roup. 

Mi ik \ 

Note - The mcvgr? ccromanS Singes a user's 
primary grouj\ association withfn th* shell 
environment feotm which it is cxrctited. If this 
new, active group has a password wild the user is 
not d listed mtxnbs in that group, the user must 
enter the pas wurtf before the newgrp command 
can continue. 

<SXX5 

**| * 

1 
" : ?;p 

( on tains the group's GID number ll is unique on 
the lock] system rind should be unique acmsfi the 
orgtini nation, Numbers 0 to ^4, tiUtJO 1. 6000.2 and 

655J4 are reserved for system group entries. User- 
defined groups range from UX> to ftOOOO- 


Contains a comma-separaled list ol usernames 
that represent the user's secondaiy group 
memberships. By default ead\ user can bd#ng bo 
a maximum of 15 secondary' groups, 

Note - i htj maximum number of groups js by 

the kernel parameter called n9r#ups^nax. You 
enn aet this parameter in the /etc/sY 5 temfile to 
allow for a maximum of 32 groups. Not all 
applications wall be able to retervrue group 
memb*‘rshi ps greater than 16, NFS 1 * a notable 
example. 
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The /etc /default:/pas sw& File 


Set values? for the following parameters in the /ec c/defau_t/pas5v,vL file 
to control properties for all users r pass vvunis on Ihe system: 


• K?aXVV2E3CS - Sets the maximum lime period (in weeks) that the 
password is valid. 

• t-0\frJ22<£ Sets the minimum time period before the paa^rd can 
be changed. 

• P-ASSLEMoTH - Sets the minimum number of characters for a 
password Valid entries are 6, 7, and 8, 


• - Sett the time period prior to a passw ord's expiration to 

warn the user lhat the password will expire. 

____ _ _ ,_V' . _ -__ 

Note - i'lli’ EFk 1 ; value does not exist hy default in the 

/ etc/ d~ J auJ, - /p>msyei hi#, but it c an he Lidd vd. 


Tlie p^is&wofd ag ng p^rfimeter^MAX^EEKS^j^lw'^EKS, and WARN^JEEKrj 
are default values. If $ci in the /o-tc?/ h r.adovfile, the parameters in Ehal 
file override tlios.^ ^itlie /eLc/de ; £aul--'?agswd file for individual users. 
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Managing User Accounts 


Managing U se r Accounts 


Eaih of the fnl]owij\g sections prosenl two of ccnrmand-line tools for 
managing uaer accounts: the command-line tools used in the Solaris OE 
versions prior to the Solaris % OG, and the new set of command-line tools 
developed for the Solaris 9 OE. 


Introducing Command-Line Tools 


The Solaris 7 OE and the Solariy 8 OE provide you with a>mmand4ine 
to^ls, defined a* follows: 

f m 

• us-^radd - Add* a new user account on the local y> i steaii 

• -:5e^c - Modifies a user's account on the local system 

• vser^el - Deletes a u.scr's account from the local system 


• group&dd yAifci}? a new group entry to the system 

• grou^arod- Modifies a group entry an th&Svstem 

• grrj^dsl - Deletes a group entry from the^y&tem 


Ijt addition to tliese the S»I ris V OE hay a new set of 

command-line tool* that accomplish Ihc^ame taska. T1 ey are the Hirmsser 
and -jTTf.-.rc'-.ip commands, ^ * 

The smueer •ammand enables you to manage one or more us^rs cm the 
system with the following set of subcommands: 

• Adda a new user account 

• wadi ty - M odiiles- a user's account 

• J>*letes a user's account 


• i ist - Lists one or mom user entries 
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Note - Th* omuser and grr£r*uy commands are the coauiwiddinc? 
interlace equivalent to the Solaris Management Console of 
operation and allow you to perform Solar is Management Console actions 
in scripts. Therefore, the smuser and ingroup commands have numerous 
suboocn/nan s and options designed to function across donvins and 
multiple systems. This module describes only the basic •ammands. 


The command enables you to manage me or more groups on the 

system with the following set of subcommands: 


add — Adds a new gjxnip entry 


• Tr.odify Modifies a group entry 

• delete - Deletes a group entry 1 

• Hot - LLsU one or more group entries 


Any subcommand bo add, modify, lint, or ddirie users wim the ^iu_^er 
and t^sroup commands requires authentication with the Soloris 
Management Console scr&r and requires the initialisation of the Solaris 
Management Console. For example, the following isihe command format 
for the £nv_ser coi 


/-jsr ^iicm/bln/^fr-iser s-'jhcxv.^arvd fdut 


L su£c j#vnand_£i t 


The autj^rization argnm^its are till optional. However, if yvw do not 
spin'My "the aiidvi^ation argj^ient, ihc system might prompl you for 
additional information, suich as a pu^word for authentication purpose*. 


Iluf -- option separates the subcbjnmand-spccific aptions from the 
•J auIh( iri zMmi a rgu men ts. Tho - - option must be entered even i t an 
authorization argument is. not specified because it must precede the 
subcommand arguments. 


The subcommand argvuncnts are quite numerous. l : or a complete listing 
of the subcommands, refer to the smuser man page. It Is important !• note 
that descriptions and other arguments that contain whitespace must be 
enclosed in double qu tation mark^. 
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jatra^j 


Creating a User Account 


Use I he userad6 or srraiscr add command to add new user accounts to 
the local system. These command* add an enr fox a new* user into the 
/etc/passwd and /ecc/shadc*v tiles- 

Th esc commands also auitmatically copy a 1 the initialisation files from 
the /ctc/^kel directory the user's new* home direcKvy- 


The useraid Command Format and Options 

The following i& the command lor mat for the us«radd command: 

f 

[ -u uid 1 [ &id ] [ -3 T , 

' ] [ -n n -5 sAeii ) f -c 

Table UF5 shwv6 the options for the command- 

Table 10-5 OpSons for the os e^raAd Command 


_ 


Option 


Definition 


-■* ura 


g gitf 


W3 


the UID number for tHfc new User 


q 


Defines' the new user's primary group 

4 ' 1 


-d dir 




Defines the r>^ 
memberships 


r s second jry grotap 




Define*. th tf full path name for the uset's homp 
directory 


Creates the userV home directory if it dews not 
already exist 


-s x 


Defines tiu- full path name for the shell pir»grani of 
the user's Login shell 




xqg J .^77 ri HP 


-D 


Specifies any comment such as the c***r‘* full 
name and location 


Defines the user’s login name lor thuser account 


Displays the defaults that are applied to the 
u^eradd command 


Rerunning User Arfmlrtarallcn I0o3 

C*f^F£N2C03Su> fMz aart&r*' 6nc, Reelect StmS«<Wm^»ooA2 










































Managing U ser Acco unts 


J*he following example iues the user a4a command fo create an account 
fnra u*er named ncfe-Lserl. U a^Egtut IOC as the UID number adds the 
user to the group other, cronies a h«iTie directory in the /axport/hone 
cfcnectoiy, and sets /bin/kah as the login shell for the user account 

£ \u«za^d ~u 100 -g other -d /es^st/bcBe/otfufiefl -m -9 /biA/Heh -c 
■RtOuiAr Uaor Account m nsMustrl 

64 blocks 
# 


User accounts are locked by default when added with the xsseraSd 
conmuind. 


By •onvmtiun, j user'b login name is ate* the user's hoove directory 

name. 


You use the passwd couvmand to male a password for the new account 

# pa a at/d n«KU&erl 

t -&/t Pas^-ordr 

R=-«ncez new Password; 3.23pa©e 
pafifllidi P3S£a**xrd siiccessial ly ~ha^eo for 

The sinuser add CTmmaJifit Format and Optio ns 

the following Ja the oommund format for %> cxiuscr adr. command: 
sspus«r adcl [dufcfa_arosl - 

N 

Table 10-6 shows some <f the most common subcommand argumcn hi for 
th e smu sjbu' command. 


Table 10-4 Sobcommand Argummts for the smser add Command 


1 Subcommand 
Argument 

[ 

Definition 

-c Crimea] r 

A shorl dfc^kipfcioii of the login,, typically the 
u&er'H name. '1 his string can be up to -36 
characters- 

-d duniKtory 

the lusrne directory of the new user and is 
limited U> 1024 chapters. 


Spct iftt^ the new user's primary group 

I membership 
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Table 10-6 Subcommand Arguments for the add Command 

(Continued) 


Subcommand 

Argument 

Definition 

S OTPuJ? 

Specifies the user's secondary group nu-mbtrvhip. 

-n login 

Specifics the user'V login name. 

-s shell 

Specifies die full path name of the uscrN Jug in 
nholl 

- - ui<# 

1 

Spedlk-H the user IE) of die user you want to add. 

If yon do not specify thi£ option, the System 
assigns the next available unique IflD greater than 

ioa 


The following example uses the snifter aad command to create an 
accuunl for a user n^med ncwuserSL It designates the login name h$ 
rjFstcuserZ, aicigns the UTD number 500, adds the user to the group othgr, 
creates a home directory m the , fixpmrt haioe directory, and sets 
/bin/ksh as the login flhtfll ft* the user account- 


JVJete - The -x &ut«hcr>e^N optioni5 the fimuner command adds iho user 
withoutputomountlng the user'* norr.o directory. See the man page for 
Eiytr^onrit- for hioce information. 


V- /usr/aaj^m/bin/SinuLt^r add — -n n#vmfler2 -u 500 -g othmr -d 



/axparr/hi^T^ii^ye ; 2 -c «ftogul&r User Accmint 2" -s /bin/T«®h ~x 
autotinn^W 

Authenticating as user: root 


Ty^ / ? foz- help, pr^rsir^g <«n-er> dcortts the default denoted toy l J 
Please enter ^ 3 tri:»g value for: password ;: aiMtrv^nswxrd 
leading Tool: cxm.sau.aftounr^eririgr.cli.user.Us^i^rCli lr<n sya41 
Logir. id sys41 as user root was Swccfteistiil. 

Do^_lcad -^f oor\,5uii,aGaiiu.ufi«rr»gr,eli-user.ts^ri^rCli frew sys41 v*±s 
successful. 


Users arc added without a passw T o d by default with the sniu$er 
command. Use the pq aswd conmiand to create one. 

# passwl n«fAiserS 

Meiv P«a^iv/3i-d: 12'Jpaaa 
P.e-encer new Passwords 123pau 

^•asawtl: •passu T cr4 tally changed fox newuser2 
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Modifying a User Account 

Use die userK»4or smu«er sodily command lo modify a user's login 
acogiifit on lln* system. 


The ucen util Command Format and Options 

The following is the command format for the userr**i command; 

usernta I -u uld ( -c 1 ] -g gld ] [ -C- grid f , gid « . - ? J 
I d dir | [ n I I -a 4 ^eJJ I | -c cftwneiifi J 
[ -1 n&ivlagnMiol ic.^i rjmr^ 


In generaL the option? for Ihe us-ra*od ccn^oand function the sa e as 
those for the user add command. 


Table l #-7 nhows the key options 4 o the us^rrood commai^ 


Table 10-7 Key •muns for the Comman d 


Option 

Definition 


| Allows a L ID to he duplicated- 

-IT 

1 

Moves tTie*isor'$ home dirvcfcnv to the new 
location specified with the -d option. 

-1 

Changes a user's login name for the specified user 
account ^ 

1 i.~dct i VB 

p- 

Sels the number of inactive days that are allowed 
on a user account- f f the account is not logged in to 
for the specified number of days,, it is locked. 

-e expirm ~ 

Sets an expiration date on the user account. 

Specific the date ievs/ cd/yy) on which a user am 
no longer log in and access the account. After that 
shite, Ihe account is locked. 

xoriru7a^» Identifies the user's, login name f#c the current 

user account. 


The following example Chungs the login name and home directory fur 
r.fc^^ise^l to Lui t^r£i- 


m aaeanod -to -*d / export./hofr^/ustra -1 Tx&mz& nowuserl 
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The snoser ncdif y Command Format and Options 

The following je the command fiVrriat for tite snuser modify command: 
srtius^r nidify :au!h_<2^e] — tstikcc»j?Lr^rid_ar^sJ 


In gen^rah tike options lor the siruser modify command function tike 
same as for the szuser add command Refer to the sznuser (l>ll man 
page for addi tional options. 


Table 10-5 sWvvs the options for the srmser aersdify command 


TaBIc 10-8 •ptiomsfor die abuser n®aify Command 


Option 

Definition 

-n Levin 

Specific the user's login tLirm> 

-M i*wir. 

-:-. ' * 

Specific* th\i user^snewlogin no me 

---—!-- - 


The fblkmiDg gcample chie^ge? the login r^me and home dinpetury for 
rsev'-iUEir 2 to 


* /uar/dAiSRs/hin/xaMLser modify 
/expgrrt /hom/ueert> 

Autherjhi catidEffi ^ root 


-ft Qftouder2 -I) userfe d 


.. /O' 

Type /? for halp, preset® <*n8fc| Eiecepcs die ef^ault denoted fry I 
Please «nter a spring value tm- password :: EnfcexP^ewOTd 
Loading T#el: - orn . ten . sdmin . usermgi . c 1 j. . user. UserjicrcZ _ from sys41 
Login to as user r*oc v^s eucewefu^. 

^vrnlcad of c^t , --&in_actrdn,iisaiii>gr.cl-.ucer.UssnC^rrii from sys$l v^as 
successful. 


Peifcnming Usar Admir>igirat»on il-i7 

CoPYpghl 2 C*S soil MiCravysfcrriG, ino. All Htyhl* R«viKjbnA,2 
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Deleting a User Account 


Use the ua:«rdel command #r sraoeer delate cummaad to delete a 
user's login ocoaunt fro m Ihe system. 

The following is the command format fcxi* the user«tel commaiut 
userAel -i- login 


The userdel command also removes the user's home directory and all 
its contents if you reqii e^t it to do so, Use tlie -r option to remove the 
user's homtf directory from the local file system. This directory must exist. 


r 

The following estampJe removes the login account for a user named 

-eera- . §L ■:■ 


K UsJex'ciel u£#rz^ 



1 


# 


To truest (hat both the user's &rount and home dm^tucy be n^muved 
from the system atlhe time, perfbpfehe ainunand: 


ueexxlal -r users 


I 


The sraiser delete Command Format and Options 


Thq< idltAVing :'n Jhe command J^imat for Ihe smufrer delete.* command: 
nmizcz delete [autc^r^d -^[5UbC€cmfis2d_$?QS\ 

■ i ■■ 

The foU*oftni£example re moves the account fimm the system: 

if /uar/sadn/biii/Braiser — -n us&tfb 

Auchenti.cat.itig as user's rdcfc* 

: 


tVpc H fox help, projssirjg <etiter> accepts the default derated by | J 
Please ^iter d string value zbr: paSSv/Ord ; : Ent«rP?tssvard 
landing Tool: ccrr. sun * ti&idn . use^vpr - , cj j.. user, u.sebt-lgrCli £ rc.zn sy£4I 
Lcf 1^ tm syo41 ** user rect vsb successful. 

Dtwniead cf ccrf.sun, adrtin-u.^.eLJvi^r.cli.user.Useri J igrCii fr*m &>y*<£. v^as 



Note -LTilike the us^r':U:l command, the smuscr delete command has 
no -r equivalent option for deleting the home directory. The user's home 
di*iury must be ctefoted manually. 
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Managing Accounts 


Creating a Group Entry 

As the user, you create nem T gi«up entries on the local system by 
using the sroupadd ur smgroup add ctmmand. These commands add an 
entry for Hie new group into Hie /etc/frci^ file. Like the srrus^r 
command^ the 67^fr*up add command uses die same subcomrrtnnds and 
authentication argutncuii> derived from ihe Solaris Management Console. 






i ne groupaaa uommana 

The following t» the command /•rmat for the gr#u#udd command: 
group add [ -g gic [ *0 1 groupna^ 

Table 10-9 shows the options for the ccmmaiul 

Table 10-9 Options for the «fr*-^*dd Command 


-3 

Assigns <hc GIO number t»r <hc new group 

n 

AJIliwhi \\\e GW number to be duplicated 
---—— -- ---- 


me ruiiowmg us>es wl* ^rvupaau l wimianii ru create ne new 

group class on the loon I system: 

# grov^padd -g 301 

<A 

The smgroup add Command Format and Options 

The following is the command form.-* /ox the roup add command: 

/ sadn/bln /eiiLj^v/sip su£cocx\d/:d 'avt-n^rgs] — [s^xrr^unc 


/usr 


labk LOTOshows the options for the zimsrmup add command. 
Table 10-10 Options lor the sr*gr#uP ad£ Command 


Upturn 

UCIrriptiOTI 

-O lt id 

Specifies the GID number for the new group 

—in group, tf&srnbfur 

Specifies the new members to add U* Hu- group 

-r. groitfUMun* 

fipfeH ifie* the name of the new group 


Peftormlng User AMnfetretlen 

Cosv^areo SoriMewy*j*»*. krc>J itesarveo. Sun Severn. 
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Managing User Accounts 


The following example useslhe :ar.«|rou? add command to create n new 
group called ^orkcjx^up with a (JAB #f 123, and to add userm to tit* 
group: 

* /ucr/caAn/^in/enyaroup add — -n warkg-roup -g- 123 -m users 

Authenticating as user: r##t 

"Type /? ior help, pressing <encer> accepts the default denoted hy [ ] 
Please enter a string value fer: password : j Snter^asaroid 
loading Tcci ; cotl sun .aartiin. use xr^gr, cl i , preup, userMgrGroupC'li £r*jr sys41 
lc«jin to sys41 as user rest was nuctessf ul . 

Download. of c •res Lui.^dmj n , usem\|fr,cli , tjroup .UserMgiplrouPlii from svs41 
wscs suo cp^i fui , 


Modifying a Group Entry 


You cuui use tlx? following commands $mzn«di y a group eptry: 

• I'he sr®upn_~d command '^jjkk 

• The smgreup modify command W lS k l 


The grdupmod Command Format and Options 


'ihe following is the command for the §roupm*d c«nini<tnd: 

grouper! [ f -o | 1 [ -n ty*sf [ ^roapnaiae 

defines the o ti«nSjfor the grouprrod command:. 

r % 

Table lf*ll Op i«ns for the £r<:>upn#d Command 


Options 

Description 

-S ffid 

Specifies the new CtP number for the group 

- o 

Allows the GID number to hr: duplicated 

1 

-n T-jarne 

Specifies the new name for the group 


The following example changes the class account group C‘JL> number to 
401; 

Jt grouper o& -g 400 glass 
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The sni§r*up modify Command Format and Options 

The following is the command format for the s^gr#up ifuc-difycommand: 
/usr/ —udnlbio / sirtgr-yu- ^vzborurjreind [avtk_$r s. -- [ 3ub^mrmii20^ciT9s'. 


Table ID -12 sh#ws the •ptioiis for the snrjgraup rn^tlif y command 


Table 10-12 Options for the nidify Command 

#ption 

Ue&Ciiption 

-n nans 

Specifies tine name of the group you want to 
modify 

-n new_jTejrJbei' 

Specifies the new members to add to the group 

-N \ie**.\_gro?.ip 

Specifies the new gfi^p name 




The following exan!£|tfe changes the group jjv^gro-jp to ^e:hgo cjroup: 

* /usr/sadro/bin/sjngroup jraUfy — -n t/rakgroup -N 

Authencioacing as user; r««t . T'.l . 

' I ?tW 

■■■■ $ 

T Vpe /? for help, pressing accepts tlic de^ili' ct«note4 by [ 1 

Please ent£_ r ' a SLri.xig \>&lue for.; password : ; EntezrPissward 

leading To*1j ,frr^j»,UserM«rrGr»upCli fron sys41 

l^ffin t« sys41 as us$& \v*ie successful. 

D::wnlnad #f cc^n. sun,^^^-user^gr.-^Ti,gr« p.OseiMfrGr#upCli fron sys41 
was successful. 


leleting a Group Entry 


Use the crolpdel »r srofrcrp delete commands tm delete a group entry 
from the /etc/girjup file on the system. 


The sr#up 4 el Command Format 

The: following it> the command format fmr the: grcupdel command: 
cr^u^del Z^cupr^vt? 


The fallowing sample removes the gn#up entry cla*s=: fr*m the local 
si'stem: 

# girov^del cl ass 


pgrfirming User Aiiniftistratitrt 

C3^-ri|ht 2003 Sun >XiOtoSyS£*T*j ( In::. Ali Right? R»0rveid. Son S&r ReM;3i«n A.2 
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The smjTou? delete Command Format and Options 

The following is the command format f*r the sir^rov^ delete corruriAnd: 
/usr/^adaj/bin/sagrcr^p Cas±,^_cLrgcsl — [ subc^nr^^c_^tg6) 

You can u&l* the -n f^rcL^na^ie option with the smgroup dtdetfc 
commtuxd to specify the name of the group you wvuit to delete. 

Hie following example deletes Hie group entry schoolgrcu? from die 

local sv^temr 

it /uBr/od<Jaybiji/ a,I *j T wip delete — -n echool^roup 

Loagdr.g Tocl, f canusun. udrcin.~s«rr\gr.cli.group.Usez^grGcoupClf £ron sys 4 I 
l^ogj-n ~zxj zr/* 4 1 user ioot Successful. 

Uowrvlcail o £ #om, $ un. z> drr \r. us sxmg r . -li.#rOup. 'Jsen^pGr $ys 41 

was ^jccessful, 

Using the Solaris Management Console Users Tool 

& ML 1 V v 

The Solaris Mflnag^pent Console Users l#oi a graphical user interface 
(GUI) that provides fer’eys to Solaris OE system administration to#ls. You 
enn use it for adding, rctnuTing, and (modifying user and group entries. 
Tlie following sections contain a demonstration. 
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Start the Solaris M/uvigemenl Ccnxaale by typing sbc& on the command 
June or by di<fcii\g the SMC icon under the Tools submenu, A/ter the 
^Welcome to Solaris Mewagem^U Con^#^ message appears, cTick This 
Computer to open the Solaris Mnnagrm^t Console window. Siv 
Figure 10-2. 



Figure 10-2 Solane Management Console Window 


Adding a User Account 

■ ft*-' 

.JJk: tfofault method of adding a user account through Solaris 

Console! fc to add the user account with the user's homes 

dh^cti^j^^ltomounted^ Theiollowing steps demonstrate how tu build a 

vs^r terrtplnte th.il adds the uyer account with the user's directory under 

the /exp«rc3icrve directin'. 

lb add a user account perform the following <*ep$: 

1. OidThis Computer in the Navigation pane lo display the system 
managufin'nl Ieoh 

Z Click System Configuration lo display the tool for setting up a new 
user account. 

3 Click User* and enter the user namn? and password to be used for 
authentication if prompted to d» so by Solari $ ,\Management Connote. 

4. tooublisdkk Uyer Templates to access ihe tool to create and manage 
user templnlCfi.. 

5. Fr#m the Menu dar, select Acid User Template from the Adlan list 


Performing User Adminlslratfoo 

C+xqA&z znro Sonias raytt***. inc a* fcgffe Rfc^«t Sun te*ScmA2 
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Figure 10*3 shows ihe Add Uaer Template window. 







f) h ud: 

uvh {:n jmn y .;rrtl«, ?*- 

+umv*--ZAt}ra»i*tV*f 

IUtKkt*i 

Tti I 

inhoietrf) rbr mdUplMistr^ 

I * 1 Hwfcleifld 

» li m w Ite 

f» ^ A ae.'.-ora 


% ^ $ 


aSSHUm /Uy-- • 




Figure 10-3 Add LSer Template Window 

Wjg i,; ,- w 

n, 1 p®ten s ime £A 2 3 erjn Che Uwr Template Ncime field. V#u can 

preside an optional desc ription if y*u wish. 



Click live Home Directory tab. Ty pe your $y ste name i n the Home 

Directory Server field. Uncheck the checkbox labeled Automatically 
MoLiriL Hotne Pirechify, 


tntermadlale S^tem Administration far the Solaris™ 3 Operating Enviionrotnt 
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Figure 10-4 shows the Add User Template window with the Hume 
Oii^dory Informed n completed. 


■ 



jWliCTt lh:irojf dfe(lA/y^ 

• iirrmalKiLyawkiiiti ii<s¥ .IV Ml 
j!'i».:- , -UjliuT»rlh: WJ ilh^lhrt 
! krw il^cluy U<v»h k>|» 

« »i. Ihc ^cw'.tty •**] U Mu;»J 
rrai *m . rs^nr «u h U‘ wfcr.lfK 
,^rmx dr«*:rri;jW*^:: a 


^Figure 10-4 Add User Unmpfate Window (^iorrw> Directory Tab) 


Ch::h Cu V.X “ : i 
w tw(. *! 11 ut-‘t b«=t */t:l«Y 





Performing User AdmUiislr&Oon 

C oojrt^CJGoG SgnMtewyftevn*, m fill flt9r*tfe9raj,Su> Servlces.amrfti A-2 
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M anagin g User Ac co unts 


ft. Click OK, and the Solaris Man^em*>nt Console fJJser Templates) 
wind#w (Figure 10-5) rcnppeais with the 3A239vsex template in the 
View pane. 



J |, " ; i'j* 


i I I' ii ji r\ 

"V J-H nnl r 


Htfiigslv.i 

>• gJ.TinC "WJH 
*■ Jj 

f Ji ^. n«n=i.i g .Trtih m ; 

f ’ A 

£ V QT AUALHM 
■ ■ 

'tFrt 

4.4-1^41* < 

Dronit 

*..■; V Jl r-g L'J: 


4 




A '*•'•0* U at I m r, gvr:: *is eTj* tf us m Iuyj| m wr-mt^ mum- Uirrc, :rr< Ura u= 

v«rf i^i l.i^ VJimy™-crw!Ti*^^.*i ifcp ^->10 

•»i*- i- -i-jjJqi* ±x iiew 4iai*Ni ,1 k:fa?- ■■ t* r •'izway^tn i.w« 



Figure i0 5 Manxmen* Tba&m Solans Ma nagement Console Window 
&» '*6 LWfemplateM 

% i 
*?{%> 
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Managing Us*r Accounts 


9 . Click U*>r Account? from the Navigahcsi pane, and a list vf u*er 
accounts on the system appears in the View pane. See Figure 1 (K 6 l 
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Figure 10-6 M<irvigementTo»ls: Solaris Console Window - 

Jp,. LWr Accounts 
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10. From the Mena tfar. yelf^t Atiioa Then select /Veld l/ser, nnd then 
select Prom Template. Ttu> Add User From Template window 
appear* See Figure 10-7- 
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Figure 10-7 


Add^ser 


From Temp Wo 


>e 




Because you only have one template created, it is# the default template 
§i*ailablc h^em tIm U&cr Template pull- ovm list. 

11 [rFthe field beside User cnterMhe login ID of the u&- s r you 

witli tocroate. A full nSfae and description are •phonal 


12. Click the button User Must Lise and fill in the pasiM’ord and 
(joafirrnDtii'so fields with the password I23pass. 

13. Ciid^)Kfind the Solaris Management Console (User Accounts) 

window icappears with ihe user account you just created m the 

View pane. 


i»£t 
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Managing User Accounts 


14. DauhUxIick the user account y#u just creeled. ‘Ihe lisa: Properties 
window appears (Figure 1CM5J. You can view and modify the 
properties of that user account. 



b- 

I« imcv<x 

wef: KiUru^jhu 
vHibi ihrwc :ct*vrf; 

isd* Jl v>lns. !</caaiially 
itet.pH'jta Ac Yw cx 

[ «•*&*> mmS a i i :c*e*c«r= sk, 
K^4 


IT: <rwnriJwJoKi>i;<**)&{ 

Lion r 0 click .-total AAA tM. 

Th-fcc ii-.oPrn; *±4abki 
••J< ^steB -«s i-T^iriiuhiin^ 

I warr^mcM ?&* 
^TPl 4 lKT«t JCI £#.«.l 4 lty 

tx*’ 


Figure JfHi User Properties Window 
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Manag ing use r Acc ount 


The screen change* to revea] ,i list of group*. Figure shows the 
information under the Group tdb, including Ihe primary group lo 
which the user belongs and a list of available groups. 



17. &dd the giflypt to which you want the user to belong, find then click 

v Hi* j| 
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Deleting a User Account 


Figure 10-10 shows- the initial steps you take to remove s user account 
from Ihe system. 



Figure 10-10 Management Tods: Solaris Management Console Window - 
Deleting a User Account Window 




1. 
2 . 

K * 


Highlight the user accojftt in ttye U^er Accounts window. 

From the Menu 0ar, click Edit. Select delete from the Edit menu. 

Figure UMl show's the warning window that append asking you to 
verity |hat you want tu delete die user account. 



Figure 10-11 Warning: Delete User 


This window alyo contains options to remove the user's home 
directory and to remove the user's mailbox. 

3- flh*ck the appct/printelKwesy and then dick delete. The tEet acvnint 
is deleted . 


Perfo/rning UseT Adm Inlslratofi 

CapvHnM £0C<3 SunMioasyskinig,li>C./>ll Kiah1& Reaer\«d. SunServiaou. A,2 
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Troubleshooting Login Issues 

Some of foe mod common problem* )xsu might e counter as a system 
administrator are user login problem*. There ore two categories of login 
problems: login problems when the user logs in al the command line and 
login problem* whan the user logs in from the Common Desktop 
Environment {COE). 

The CUE uses more configuration filea, so there are mare poient'ial 
problems cTs^odated with logging in from the CDE. When you 
troubleshoot a login problem, first dettrmine whether you can log in from 
the command line. Attempt (o lag in from another ffljBteffi by using either 
the tc-ln^ command or tlw rl#gm vomm and, or clltk Options from the 
CDE login panel nnd select Command Line Log) , If you can log in 
*nccvs^fiil>y at the command finer then the problem is with the CDE 
configuration files* if you cann*t log mat the command line, then the 
problem is more serious and involved key configuration file*. 

Login Problems a t*he Commend Line 

■*, :;: i | c* 

Table 10-13 prmntPttsupver view of common-log in problems 1 hat occur 
when the user logs in : Jplhe oammand line. 


Tablg X043 Uipa Problems at the Command line 


... 

td|mVw)bleo) 

Datvcriplion 

Login iccorr-EC" 

i 

lhi* message occurs when there are problems with 
the login information, lhe most canmiOn cause of 
an incorrect login message is z mistyped password, 
Moke sure the that correct password is being- used, 
and chen attempt to •ttfer it agein. Remember that 
passwords are case-sensitive, g+ you cannot 
interchange uppercase let tor* and lowercase letter*. 

In the same way, the letter "<T is not 
mterchangeablo with the numeral "Q” i\or is the 
letter "T interchangeably with the numer al "!/' 

Bftm - verier, 
denied. 

L___ 

1 his messag-e occurs when there arc login, 
password, or N IS i security problems. Most often, 
an administrator has Wcked the u**r'$ password or 
the user's account hashed terminated. 
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Managing User Accounts 


Table 10-13 Login Probl ms at the Command Line (Continued) 


Login Problem 

Description 

Password wi 3 J 
net work at 
lcckscreen 

A common e^or is to have tire Caps IjOCk key OT, 
Which causes all letters to be uppercase. Th ii^ does 
not veork if the password contains lowercase 
letters. 

No i i 

This massage occurs when the liswi-'h alwll diH.^ not 
exist, is t}y>ed incorrectly, or is wrong i\ ihu 
/ate /paaswi file. 

Loc directory] 
lc*r«rin£ in wits. 
h-^ire—/ 

Tliis- message occurs when the user cannot -access 
the home irectory for one of the following 
rca&ons; An entry' in the /etc/F^sswri file is 
incomxl, or the hsune diie^ftty has been removed 
(V i* missing, or the home directory exists on a 
mount point that is currently uiuvniLihlr. 

Chocbe u 
pas$usrd 

(followed by lho 

iv=w 

prompt j 

FItu: message ot i u rs the first time a ust-i !i >gs in 

And i hi an initial password 1\* access the 

account 

X * 

% 

C»uldn' t fork a 

process! 

This message occurs then the server cou d not fork 
a child process duupg login. Ihc most comnum 
cause jsf this ine$sage is that the system ha$ reftvhed 
«HPfBxim um number of pr#ccs*es, You can either 
kill some unnceded processes (if you are iilnMdy 
logged irrto that system as root) or increase the 
number #f processes- your system can handle. 


Login ProWems in the CDE 

Problems associated with logging into the CDE range from a user being 
unable to login (and rttUmirg to the CDE logjn screen), to the Cttslojn 
environment not loading properly. In ^eneraL the system does nc>t return 
exr#r messages to the user horn the CPE Ihe /•llowing is a List of flics 
and director^ provide troubleshooting information about tl\> C'DE; 

• / usr / dt /bin/ Xae^eian 

This file is the configuration script forlho login manager, This file 
should not be edited. The first user-specific file that tK^ xaeaaic-n 
script calls) it) the file. 


P& forming User Admlntetraiion 
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• ^HKE.'.drprofile 

By default, the file does nol contain much cun tent except (or 
examples, It cuntauL>a tew •e.-j*statements far session logging 
pmpo&e^ and the DCSwURCefrofile variable is set But il al$c> 
contain*? information about how it might be edited. The user c&n edit 
this file to add user-specific environment variables, 

• DTS.or^riKPROFILE^true 

Th/s line allows the user's $HQI'1E/ .log^n file (for esh user*) or the 
$H&fE/, profile (for other shell users) to be sourced aa purl the 
startup process. 

Sometime* a .login or.profilefile contain problem commands 
that cause the shell t# crash. If the .dL^rofiT^file is set k) source a 
.login or .profile file that has problem cnmitiitf^tf, desktop startup 
might fail. 

Consequently, no desktop appears. Instead, the syvlem redisplays 
the Solans OE CDL I •gin screen. Startup errors from the . log_n 0 / 
-FT^f ilo file are usually noted in the ggHCHE/ .dt/starclog file, Use 
a Failsafe login Senior* ox a coamm^linc logi n to deb**g problem 
commands in tho . login or . pro flits files. 

• iL'/ate/.dt/»as;sicm 

Tlus directory structure contains files rind tlirectoiies that configure 
the display of the user'* custom desktop and determine the 
applications tWt Htart vrhen the u.stx Ifigs in. Look for iecent <:h*mgi?!$ 
tu filea.and for clvulges- to the directory structure. Fur example, 

:||||; examine die hint directory and the heme, old directory or a 
: : :f; g^rrent directory and the curr r.t. cl* directory. Compare the 
^Ihangeu. The changes could provide information on a new 
:|| application or on changes in the saved desktop iKit cause the user's 
Jf login to fail. 

• .dt 

Upon removing the entire .dc directory OAidu^ log out, and log 
back in again for the system to rebuild a default _ct file ^Mictuie, 
lhis action allows the user to get back into the system if dn_> problem 
with the CDE files cannot be resolved. 
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Managing User Accounts 


TaHe 10-14 sh#ws the Joaititns of and iitfoimation found in error logs tor 
the CPE 


TabJe 10-14 DE Err^r Log Locations 


Location 

Error Log 

/var/dt /X£3rro-g 

The Solaris OE CDE login window system errors that 
occur prior to user login 

$i'iO!£Z/ .dh/gt^r- Icq 

The Solaris OE CPE errors that occur during the s tartup 
•f lhe ^session scrips while processing he 
.dtprofile, .login, or profile fil£ 

$nCMZ/ »f? - •„ d 

SHUMtr/ .dr/'srrcrlog. •lisi- 

1 he Solaris OE CDE errors that occur after the 
script stnrt iip^ 

. dr/aeGsIonlogs 

•irectory of s ssion Jogs for ^.esi^^fr^ger nnd 

Wi nd o w Manager errors 


ft 


■■■ 


. m * 


& & 


ftf 

. 
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Perfor ming the Exe rcises 


Performing the Exercises 


You Mve the option to complete any one of three versions o f d lab. To 

decide which io choose, consult the follow'mg descriptions of the levelsr 

9 Level 1 This version of the lab provides the letfst amount of 

guidana?. Gach bulleted paragraph provides a task description, but 
you must determine your own wa.v of accomplishing oach task. 

9 Level 2 - This version ot ihe lab provides more guidance. Although 
h step describes vvhat you should do, you must determine the 
commands kind options) to input. 

9 Level 3 This version of the lab 1ft the easiest bo accomplish because 
each step provides exactly what you should input to the system. This 
level also includes the task solutions for all ih tee levels. 



* 

i : 9syi i i 
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Exercise: Adding User Accounts and Group Entries (Level i) 


Exercise: Aefefing User Accounts and Group Entries 
(Level t) 


In this xerdse, you use the Solaris Management Censelo, as well as the 
smgrcup, -s^rm^d, userdel, gr*upadd, and ffroupdel 
commands, to create, modify, and delete multiple us*r accounts and 
group entries. 


Preparation 


Refer to the lecture notes as necessary to perform the tasks listed. Refer to 
Table 10-15 and Table 11-16 as needed. 


Table 10-15 <1 croup Specifications 


Group Name 

G1D Number 

CZ_£L£.£I 

H)1 "#i 

■' ■■ i 

cLuts2 

io= i i 

wl&l 

mm. - - • —— 


Table 10-16 User Specifications 


w 


X 


User 

Name 

Fas^vnrri 

Shell 

UID 

Primary 

Group 

Secondary 

Group 

QE=erd 

l^opass :5s a f 

Korn 

100J 

10 

class1 

UG^l'4 

123pass 

C 

1C04 

10 

Cl£LE£l 

u 

■ ' 

Bourne 

1005 

10 


locked! 

Select Account fe‘ 
Locked 

Bourne 

2001 

10 


cleared! 

Select U&er must 
set password at 
next login 

Bourne 

2002 

10 



Performing User Administration 
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Exercise: A dding Us er Accounts a nd Grou p Ent ries (Le vel i)_ 


iooa 


Tasks 


Complete the following tasks; 

• Disable I h e Solans OE registration window*. 

{Steps 1-5 of Task ] i n the Levci 2 lab) 

• Working from Tabic If-15 and Table 10-16 on page 1037, create two 
new groups and two new liters by using the grouped^, angroup 
useradd and snr^a«r commandos 


(Ship? 1-2 ef Ta&k* 2 and 3 in Lho level 2 lab) 

• Launch the Salari* Management Console, and create a user template 
to add isen thnt do not use automounfed home directories. 


(Step 3 of Task 3 in the Level 2 Jab) & 

L T sing the Solaris Management Console, Md the nt?nv users us rart>, 
lockudl .find cls^^djRbi with characteristics tfm Table 10-16 on 
page 10-37. 

(Steps 4-5 ofjpisk 3 in ih^ Wvel 2 labjj;. 

Verify that tA&lur'tls you sp&ciiy are sethi thcye^c/paaid’A'd file, 
determine if the password strings f«r users %vit{) the same pzts^word 
are also the same in the /etc ■ hie- Check Ihe password 

strings for the users L^ksdi an^ oltopedL Verify that the usec^ 
v&s r3 nnd^ser4 arc secendary of the cla*sl group. 

(Stepl 1-4 mi Task 4 in the Level 2 lab) 

Determine what happens when you try to log in as the user 
lochedl. Verify Uiat you can log in as the user cleeredl, Keeord the 
password jiaauircment& indicated, 

(Steps Scr6 mi Task 4 in the Level 2 lab) 

Establish pasword aging for the user usecS. Oetermme whert 
happens whai you idlUmpt to log in as that user. L#g in as 
and atlompt to dvtnge the password from the command line. Log in 
as the root user when you are finished 


(Step* 1^ mi lask 5in the Ijevcl 2 lab) 

• Li$e the < 3 frc^#acid command to add a group called claaa3. the 
u^ez7iod command to change the UlD number/ heme directory;, and 
user nnme for Ihe user -cckediL Verify that the change* exist in W\c. 
/etc/piiHa^ file 


(Stvps 1-2 of Task 5 in the Level 2 lab) 
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Exercise: Adding User Accounts and Group Entries (Level 1) 


• Use the smuser cununand to charge the login ^iell of userS to keh. 

Use Ihe userdei coovnnnd to delete the user ^er3. Wirify dwl IJ>e 
Jtome directory has been ddeied. Use the couutvaoJ to 

rename < he group classl togroupl. Use thegr#u*dei command to 
remove the group class2. Verify the changes lo the /etc /group file, 

{Steps 3-7 o/ Trt$k 5 in the Level 2 lab) 



Perform ^ User Adrnknlairailon 

Ccp«^N2TO gun Wei kK- AM Rjflfrrte St^t Sc*.*®*, «ente*n 
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E xercise : Addin g User Ac c ounts a nd Group En tries- (L ev ftl 2) __ _ 

Exercise: Adding User Accounts and Group Entries 
(Level 2) 


In this Exercise, You use the Solaris Management Console, as wefl as the 
useonol us^rdel, groupadd, nd gru^pdel 
commands, k> create, modify, nod delate multiple user accounts and 
group entries. 


Preparation 


Roter to the Inofces as necessary to Perform Ihefcsks listed. Refer to 
Table 1045 and Table 1046 on page 1 (K37 as noodec^>. 


Task Summary 


In this exercise, you accomplish the 



• Disable the Solaris OE rcg^raflaii window, 

• Working from Table 10-15 10-16 on page 10 - 37 , create Kvo 

new groups and two new users by using the commands grounds, 
ssigrcu?, u9er^dd. and 


Launch tli$ *kilaris*Maniigement Console, and create a user template 
5 add user* that do nol use automounted home directories. 


• Using fiie; Solaris Management Console, add the new users users, 
iockedl aaa.d cleavesJ with characteristic* from Table 1046 on 
P'-'V &-&• 


• Wrify that the shells you specify aresetin the /etc/pass-^d t'do. 

Determin^ if the password string* fox user* w ith the same password 
arc also the Mime in the /etc/shuckw file. Check the password 
strings for the usexs lock^di and clearedL Vcn'fy that the us*rs 
usex 3 and user 4 are secondary meoibeiN of the classl group. 


• Determine what hiappcns when y#u try to log in as the user 

2oc kfcdl. Verify that you can log in as the user c„«aredl- Record the 
password requirement indicated. 


• Establish password aging for user 5. Determine what happens when 

you aiitompt tt> log in ay that user. Log in ay user5 :ind at:empt to 
change Ihc password from the command line. Log in as the rsot; 
uaer when you are finished. 
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Exercise: Adding User Accounts and Group Entries (Level 2) 


• Use the sroupadd command t» add a group called class3. U*e the 
^omoccununand to change the lH number, home directory, and 
user name for the user lockedl. Verify that the changes extst in the 
/etc/passwd fde. 

• Use the smufler coinman to change the login shell of usec5 (o V/l 
U se die ua«rdel command to delete the user user3 t Verify that the 
user's hotnc directory has been deleted Use the srev^reup command 
tm reiifiitu? the group classl to grau*l. Use the groupdcl command 
to remove th(n group class2. Verify the changes to the /atc/gx«up 
flic. 


Tasks 

Cwnplete the following liisk$, 



Task 1 - Disabling the Solaris OE Registration Window 

): k | 

Complete the following steps: 

1. Disable the Solan* QE Registiatjnif^fhdnw so that it does not 
appear whenever a new u er logs in from the CDE- 



L#g in as. the ~oot user (or use the & u command to change to the 

TOOL LLSt!J /. 

Chirtijjjft U) the /©rc/def aulL directory. 

In the m fault directory, create the aol^egis file, 


l*vi Ml regia 



In the solregi* file, ty^pe the keyword liSABUE^i {note thfrt the 
chamctvr "1" i$ the number one). 


6. Save thb file, and exit the editor. 


Task 2 - Adding Group Entries 

Complete the following steps: 



Mole - Hefer to Table 10-15 on page 10-37 for details while Adding group*, 

1 As I he root, user, open a terminal window. 

2. Add the two group* classl nd class2 with the groupaclcl and 
SKiiji'oup commands, respectively. 


Fs/toftrfmg u$er Administration 
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Exercise : Adding User Accounts and Gr+up En t ries (Leve l 2 ) 

Task 3 - Adding User Accounts 

Complete the following steps: 


Note - Refer to Table 10-16 on page 10-37 for details while adding users 
with the various looks 


1 . 

2 . 

3. 



Add a user nniivied user3 by using the u^eradcS corrummd. 

Add a user named user4 by using the srmisfcr command. 

Launch the Solaris Management Console by iyping sac& on the 
command line. After die Solaris Management Q*ns*le appear#, 
i reate a user template t« add user accounts that do not use 
flu to mo unted Lome directories by performing ihe follow’ing: 

a. Select Thi# Cumputor, and then select System Configuration. 

Then select Ibers, and then select L^r templates to open tire 
User Templates tooL 

b. From Hie Menu Bar, Action. Tht^n select Add User 
Template 

c. The Add User Template window appear containing blank 
Helds fox a template name and descnpticii: Enter the name 
239user in the User Template Name Held, and s.^23? for die 

Description field. 

d. Click the I k-me Dirq^tyiry Tab Lind uncheck Hie AutotnaficaTy 
Mount Home Directors check box. Enter the name ot your 
system in the Home Directory Server 



e. Okie OK to create yxxir template. 

4. Click U sS^countev ond add the u*er5 account by selecting Action, 
then vehctt'ng Add User, and then selecting From Template on the 
menu bar. 


The Add User From Template window appear. Enter user5 in the 
User Nam? Held# and select 1005 as die User ID Nu*iber. For the 
password, click User Must Use, and enter 123pass in both pati* word 
fieJIds. Click OK. 


5. From the Solaris Management Console, add additional users 
lacked! <w*d cleared! by using the 239u£er template. While 
adding the cleared! user, select tlie pigweed option User Musi Set 
Pag&’ivord At Next Ixigin. After add ing both users, double-click the 
Jorkecil user and select the tab General. Under the Account 
Availability section, select the button Account is lacked. Also select 
the ^hell as listed in Table ICMSonpage 10-37, 
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Exercise: Adding User Accounts and Group Entries (Level 2) 


Task4- Examining Configuration Files 


Complete the following steps; 


1. Examine the; contents of the /etc/pass’d file. What are the full path 
names of the shells used by user3, user4, and user57 


2. Examine the contents ef the /ecc/sAadcw file. What text is f#und in 
the password field fer the users loc'<^cil and cleared!? 

3. You used lh* **ime pa&yword for u&er3 through u£.er5. Aw the 
password strings the same in Ihe /e-c/shadew file? 


4. Examine the con tcnls of ihe /etc.'f roup file. Verify that user! and 
u&er4 are both listed as secondary members of the cla«£;l group. 
Are they? 

5. Log out of the CDE, and attempt to log in as locxedl. Are you able 
to log in? 

6. Attempt to log in a* c£earo£1-. Wlia I happens? Attempl to use the 
password cb«detq. What are the system requirement for the 

F&BWUtidj 

Use the jtffcswoid abd23, Login ascleared! after you establish a 
password te verify thal the Login works. L#g*ui, and log in as the 
rooi user, 


TaskS- Establishing Password Agin?) 

Complete the fallowing au*pn: 

-h SUb* Solans Management Console, and go back into thti User 
AcOiiUntb Tool. S^l^ct user5 fr«m the list of users. Change the 
password option* information for u $ o that it matches th c 
following informatics- Clide #K when you an? finished/ and exit the 
Solans Management Console. 


User Must Keep For 
Before Change Alert User. 
User Must Change Wilhiiv 
Expire* if Not Used Fer: 


1 {#nt > day} 

1 tone day) 

2 (tw#days) 
1 (one day) 


2. Log out of your root login session. Attempt to log in as. ucer^ What 
liappens? Supply a new password if necessary. 


Performing User Arffoinlurafton 
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Exercis e: Addin g Us ^r Aocou nls a nd Grou p Entr ees (Lev el 2) 


3. Complete the login as user^, Open a terminal window, and attempt 
to change the password you [u$t ^et. What happens? 

4. Log ait and log in Again as the ro*t user. 

Task 6 - Modifying User Accounts and Group Entries 

Complete the following steps: 

1. Use the gro ^adi command to create a ne w gmup entry called 

that uses ClD number 103, 

2. Use the ueetTr.ocl command to change the login name of’ lochetl_ to 
user6, the UIP to 3001, and the h«me dtrei'tory of locked 1 to 
uoer6, Verify that the changes you request are crowded in the 

/etc/p&^^ed file and the directory thai j^ aS mov ed. 

3. Use the simmer rnccufyoomrnand tochad^ the loguvshrill of u&er5 
to /bin/k^L Verify that the changes you ftiquest are'reeorded in the 

hie, 

4. Use the uaerdel command to delete the account <zi«are(5L and 

the related h||ne directory Verify that thcsi/axport/tiun^/c^e^rc'dl 
directory no ^pger exiftt&f 

5. Use the ssigrou? co<nma^i to change the group name of clasisl t# 


groupl. 


6, Use t]i<v-£rrc*u>del command to remove the group entry cla£G2. 

<Z Verify Ihaithe com mandiAised to modify' group entries have 
lified the /etc/group file- 
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Exercise: Adding User Accounts and Group Entries (Level 3) 


Exercise: Adding User Accounts and Group Entries 
(Level 3) 


In this exercise, you use the Solans Management Console* as well as thi> 
snuser, s£r>grouP, usermed/ userdel, grGujadi, grouped, tind 
grcu]tdel commnndSr to create, modify, «rw*l delete multiple user 
accounts and group entries. 


Preparation 


Refer to the lecture notes as necessary to perform the listed,. Refer to 
tabW 10 15 and Table 10-16 +n page 10-37 as needed. 



- Some of the commands displayed in this section a nr quite lung and 
wiJI vnap to the next line. You should crxxsider ail of the hold typeface 
c'#mmHTKls that follow a command line prompt bo be all cwt&Jini*. 


Task Summary 

In this rwrd^v you flocamplgih the following: 

# Disable Iho Solciris? OE registration window. 

h£. 

• Working from Tabic 1(1-15 and Table 10-16 on page 10^37, create two 
now groups and two new user accounts using die commands 
gccuPadd, srogreup, us^radd, and sn-aiser. 


• Li unch the Solaris Management Console and create a user template 
\o add user^ that do not use automounted hame directories, 

• Using the Solaris ManagemMit Confine, add the new user accounts 
-^ers. locked^ and clear^dl with cfwuTuteristks hem Table 1#*16 
on pagi> KK37- 

• Verify that the shells you specif arc set in the /etc/p&ssv*5 hie. 
determine if the password strings for users with the same password 
an* albO the same in the /eto/shado-.-: file. Check the password 
strings for thi* u>ers lockeil and cl^ar^dl. Verify that the users 
user2 and ua«r4 are. .secondary members of the elassi group. 

• Determine what hrtpp^n* when you hy to log in as the u&nr 
locked!. Verify that you can log in as the user cleared!, Kecorx l the 
password requirements indicated. 


/forming u$& Administration 

s M* rt»f»«n^dL me. Aflftgto Rfc^wed. SUtiSenfee*. F*rcsonA-2 


1<M5 














Exercise: Adding User Accounts and Gro up E ntries ( Le vel 3l_ 


• Establish passtvord aging for the user user5, Determine vchat 
happens whm you attempt io log in as that uner. Leg in ns usei-5 
and attempt t» change die password from the command fine. Log in 
as root when y ou are finished. 

• Use tile groupadd com and to add a group called c^aaflS, U se the 
usenrvtd command to change the UID number* heme directory, and 
user name for the user lockedl. Verify that the changes exist in the 

file. 


UseHiear-^ea command to change the login shell of user5 te ksh. 
Use the user dpi command to delete the user] account. Verify dial 
the user's heme directory has been deleted. Use the sragroup 
command to rename the group clasel to greupl. Use the cjrou^cUd 
CMUTUind In remove the group ciaee2. Verify the changes to tlie 
/eCC/C rouP file- Ji 

I , m I. 


Tasks and Solutions 


Complete Lho following tasks. 


Taskl -Disablir 


^ Solaris OE Re§sfration Window 


■vi eolxegi* 


Cornpk-hf the fellewing steps; 

1. the ^larin VE Registration window so that it does not 
applir whenever a bCw user log£ in from the ODE. 

2. Log ina? die irx>t ii^er (or use the su«7mma nd to change the root 
usi>r). 

$.Ouingete the /^t.c/deiault directery. 

4. In the directory, create the file salreeis. 


In the aplresz s file/ type the keywerd D^GABLifc=l (note thrit the 
character "l r is the number one). 


6. Sav^f this file, and exit the editor. 
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E*ercl$e; Adding User Account and Group Entries (Level 3) 
Task 2- AddingGroup Entries 
Compile the following step*: 


Note - Refer tn Table 10-13 on page 10-37 for details while adding groups. 

1. As the root user/ open a terminal window. 

2. Add the two groups cl as si and class!, -with f roulade wnd 
Stroup commands, respectively. 

tt grcrupadd -g 101 claeel 

it /u^2r/a^dm/bin/^grc7up a3d — -n c1«jic2 -g 102 

Task 3- Add ing User Accounts 

Complete the following sk'ps: 




-A 



Note - Refer to Table l(M6 page 10-37 for details while adding users 
with the various tods. 


1. Add ,i user named u$«x3 b^rjyL^ng the useraid command. 

d ti geradd -u 1003 -g 10 -O claa«l -d, /axpeott /hanK*/u.&ei:3 -n -• /bin/kah 
ue«r3 

(1 paeawd user3 

>few Pass’/^d; 123pa?0 

Re m~:er Map Password; 123p«aa 

passv,"4: successfully changed f«r user3 


2. Add a user named user4 by using the srauser command. 

it /usr/cadfei/txLu/Bvaer — -n user* -u 1004 -g 10 -G cIaaa! -d 

/^JcpoTT/hrmft/b£n/c«h -* «utekn&«tl 

H pa^swd xider4 

^evf 123pOM 

Ite-oiier ?j&* 123PASS 

pa^sviad: pass?e»rd successfully changed for user4 


3. Launch the Solaris Management Console b> r typing and on the 
command lina, A/ter Hie Solaris Management Console appear*, 
create a user template to add user accounts, that do not u&e 
auti»noimted home directories by perf oiming the following: 

a. ‘Select This Computer, and then select System Configuration. 
Then select Usei^s, and Oiensdlect User Templates to open the 
User Templates t*ol. 


Partorriu'ng uaerAJenlnicirallcn 
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Exe rcise: Add ing User Acaxrns and Group Entrie s (Leve[3) 




b. From the Menu Bar, Action, and then select Add User 
Temptnte, 

c Tin* Add U»er Templak> window appears, containing blank 
fields fora template name and description. Enter the name 
23yueor ill the User Template Name field, and SA235 for the 
Description field. 

& Click the Home Directory Tab and uncheck the Automatically 
Mount If*me Birectory chcf:k box. Enter Ihe name of yeur 
system in Ihc Horne Directory Server field. 

e. Click OK bo ovate your template. 

4. Click User Accounts, and add the \ieor5 account by select ing Action, 
then selecting Add U*er, and then selecting Pn*m Template on the 
menu bar. 

The Add LSjvt From Template window appears. Enter u*erE in the 
User Name field and fcdoct 1115 «? the UlD Number. For password, 
click the button called User Must Use, and eutcr 123pa£$ in bolh 
password ficld^Cfek OK. 

5. From the Solaris Management Console, add the users locked! and 

^ I by using tl\e 23&u5ear templ^J^. While adding the 

cdearedl uso^edect the password option U*er IV] ust£ot Password 
At i'vext Login. After Adding both double-dick the lcck/stfl 
u-st'r and select t>v tab General. Under:, the Account Availability 
section, select Account is Locked, Alsq^gelcvt the shed as listed in 
T;\hJe 10- lb ai page 10-37/ 

Task 4 - Examining Configmation Rles 

Complete the following steps: 

1. Eramhu? the contents itf the /£t£/p&3^idfi]e. What a re the ruii path 

names of the shells Uised by' -ser3, ue-=x4, ^nd user57 

usez-.i /oin/kah 

useH /bih/cah 

ueerS /b.i.n/sh 
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Exercise: Adding User Acco unis and Group Entries (Level 3) 


2. Examine the contents of Ihe /erc/ shad** file. What text i* found in 
the password field lor ihe users locxedl and cleared!? 


lockedi *IK* 

cleared! r.tne 


3. You used the same pa&swerd fur user3 dirough u*er5, Are tho 
passvvoixi strings live same in the /ecc/shadcv; file? 


4. Examine the contents of die /etc/group file, Veii/v tlvit u*er3 <ind 

user4 nre both listed as secondary members of the classl gruup^ 
Are they? € 

name* user3 a fid userd should be listed in Ite bftt,tiddfw file 
clas^l group. 

5. Log out of the GDEj and attempt to log in as lackecL Are you able 
to iog in? 


m 


\*o< you gi t a tvcssiigc tkpi iofrir? Jsneo^re^t. jwimtter ufal you 
me z* a password . 

Attempt to log in as cl eareaL What liajjferis? Attempt to lisa the 
passivord abedefg, VVhrit are die sv-stem^quirements /or the 
■igayswurd? You jnutft not press Return when you are atked for an 
^I|tidI password, .,• \ 

Hl^ cIiooxl' at) initial passivird for this user and thoi ;<n£ nr again, 
characters must content at least tico alphabetic characters and 
at lca3i^l numeric or special character. 

Use the password abc .23, Log in as cl^r-=dl after you establish a 
password to verify dvi the loght works. lx>g out, and log in as the 


root user. 


Performing User Administration 
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Exe rci se: Addi ng UserAcoou nl s and G roup Entries (Lev el 3) 

Task 5 - Establishing Password Aging 


Complete the following steps; 

1- Start the Solaris Management Console, and go back inlo the User 

Accounts tool, Selccl user5 from the list of users, Change the 
password options iufotma.tion for user5 so I hat it match#* the 
fallowing inf rmdliOn, Click OK when you are finished, eind exit the 
Solaris Management Console. 

User Must Keep For; ] (one day) 

Before Change Alorl User; 1 (one day) 

Uaer Must Change Within: 2 (two day-s) 

Expires If Not Used For: 1 (one da'^ 



2. Log out of vTiur root login Attempt to log in as users. Wha t 

happen?? Supply a new pass word if occ^>ary + 

Y#?< tiiuti supply tt i\crv password before you emi log iv. 



Whet/ you leg in, a wanting indicates ttot your prts&i'vvd expires in two 

i w 



4. 1 idg out/ and log in agate as the r#ot user 
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Exercise: AckfcngUser Accounfc and Group Entries (Level 3) 


Task 6- Modifying User Accounts and Group Entries 

Complete the following steps: 

1. Use the ^roopaod command to create a new group entry billed 
clas$3 that uses GID number 103- 

# group&dd -g 103 <?lapa3 

2. Use the usernad command tuclwige tile login naiTu* of 2»ckedl to 
userfc, the UID K>3#Hr cUid the home directory of tckecU to 
userfc. Verify that the changes you request arc recorded in the 
/etc/paaawd (iki and lh;rit the directory was moved. 

$ ueermol -u 3001 -d /•xjK*rfc/hefwa/uaerO -n -1 u&*r6 lockodl 

The /ezc/?*&3',,'d file should reflect the mo IQ9 number and user 
Tiie (fifitcton/ under /«{port/hcir^ shorn hi be renamed. 

3. Use the srruser ;*#dify command tochjirige the login shell of uasrb 
k> fekrj ksh. Verify that the dvmgjes yx*j i*>quebt are recorded Vn the 
/otic/ yXJ&wl file. 

# /uar/sad9v/bin/smi£«r wod^y — -rt umt 5 -a /biji/kah 

7#Vf /etc/paeaved trwf 3^>c /fjln/kcn, 

*■ X; v . 

4. Use Ihe userdel command to delete the user account claaredl and 
the related home directory. Verify that the /^xpert/hectie/clearedi 
directory no longer <*% 

# usardel ^ :H: eleawdl 

The /eXESdtrL /korae/ffl ^.rsd" ^tirttetry s/xoxrtd xxo /ox^kv oi/tf. 

-*\ 4 - 

Use the .fejfvgroup command to change the group nrimv of class! to 

P 0 ^- 

# /us r / sadm/ti-Ti /Engrcrtip ODdliy — -n cla*Bl -N giDQl 

6. Cwthtf sss affdel command t* cenruve the group entry clesst. 

% gru^dfil class2 

7. Verify that Ihe commands used to modify gmup entries have 
oom\ tly modified the /etc/^roi zp file. 

TV gnwp grouPl should ex ist. The groups classl and cl&sa2 slwuld 
not exist 
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Exer c ise Su mmary 


Exercise Summary 



Dj&ctjfrsV on- Tak* a few minuses to disruts what experiences, issues, wt 
discoveries you had during the lab exercises. 

• Experiences 

• Interpretations 
o Conclusions 

• Applications 
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Managing Initialization Files 


Managing Intliia teation Pies 


The emdronment maintained by the shell includes variable* that are 
definedbythe login program, the system initialization files, and the user 
initialization files. 

When users log in to the system, their ltgin shells look f«r and execute 
two different typos of ini ialization files. The first type controls II 10 
system-wide environment. The second type controls the user's 
environment The six shells available: in the Solaris f OE provide baafe 
features and a set of variables which the rc«t u.ser or a regular user can 
set in the in ilhilination files to customize the shell environment. 

Ihe shells support two types of variables: 

• Environment variables - Variables that provide informs! ion about 
the user's environment bo c\ cry shell program that & Juried. 

• Local variables - Variables that affect cSajihe current ^helL Any 
subshell started would not have knowJe^e of the*e variables. 

: v 

Introducing System-Wide InitializationlFiles 

| : i, 

the system admin'istral#r, you maintain the system-wide initialization 
£le& These files pm vide an en\iroimit;:ht-for the entire community of 
usefewhu log in to line system. ‘The ^dlaiis OE provides the system 
file*. 1'hey reside in "the /etc directory. 

The file and the /etc/ . legin file are the two main system 

initialization riles. 

.5 * 

Ihe Bourne, Korn, ond BASH login sheik ]mok fox and execute the system 
initialization file /e*c/profile during Itgin. 

Ihe C login shell looks for and executes the system initialization rile 
/etc/.login duri ng the login process. 

There arc no default global initialization files fox the Z or TC shell*. 


Pei forming l/ser AdntJnlalrsltor> 
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Managing In itial isation Fites 


Kole - The default files /ctc/P^fiaeand /etc/ .lo^ir* check disk 
visage quoln^ pri t the incssagcof the day from Ihe /etC/ 2 * 0 Cd file, ,tnd 
check for maiL None of the messages are printed to the screeA If live 
.hushl^gin file exists? in the user's home directory. 


Introducing User Initialization Files 

As the system administriitor, you set 14 ) the user initialization file* that arc 
placed in each user account's home directory when the user is crc,iud. 

The primary purpose of the user initialization hies is to define Ihe 
characteristics of tt user's work environment, such as t e command-lint- 
psompt, Ihe environment variable^, and thewindowingt r AiR>ryrnenl 

Only the owners of Ihe tiles or the root: user can change or custom!ac the 
o in ten L of t hejje frles> 

Table Itkl? yhou 1 ? the initialization files neoesftrirv fbreadi primary shell 
available in the Solaris 9 OE. 


Table 10-17 Initialization File?* for the Prinwvy^^lls 


Shells 

System-Wide- 

Initialization 

Files 

/ . vs 

. : . 3 

Primary &ser 
Initialization' Fites 
Keadal Login 

User 

Initialization 
Files Read 

When a New 
Shell Is Slait 

Shell 1'ath 
Nome 

Bourne 

■'sec.-profile 

ptn/. ile 

2Sy 


/bin/ah 

Korn 

/etc/frrtrile 

CHGK£/ -Profile 
$HCHEM!8hrr 

SlCHE .ksihz-rr 

/bin/Lih 

’ C 

/etc/_locin 

1 ___ 1 

SKlE/.c*Krc 

SMMB/. login 

;H3E: .csr.ru 

. 

/bic/csh 

1 



For additional information about the Z r BASIL and TC shells available in 
Ihe Solaris. 9 OE, refer lo the online manual }* 3 ges. 



Note - By default, the root user's login shell is the Bourne bheJL and iho 
shell entry' in Oil-: Zetc/p<3ic>r;v/cl file appears as /sbin/nl-L 
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Managing Initialization Files 


When a user jogs in to the system, the system invokes the user's login 
shell program. The shejl program jooks f#r its initialization files Jn a 
specific order,, cxcc.utes the commands contained in <vich tile,and displays 
the -shell prompt on the user's screen. 


Customizing the User’s Work Environment 



The Solaris OE provides a set of initialization file templates, Ihc 
/etc/gkeJ directory contains the initialization file templates. Table 10-18 
shows the default initialization file templates and the user initialization 
tiles tor the Bonme / Kern, and C shells. 


Table U-18 Default User Initialization Piles 


Shell 

Initialization file v '£yUser Initialization 

Tc mpJates ■ Files . Jjy 

Bourne / etc / s ke i / local . pro file il|pME /, pro f fla 

Korn /etc/skel/iocal.profile 

$HC&E/. uro,f f I e 

C 

/ yk= J. / local .eshre 
/ eiivi^kc 1 / local. login 

SilOlEX eshrt: 
$HOW. •gin 


■_ i _ , _ 

Note - The j^radd^prnmandfiles from the . etc/skcl directory 
to the $HGME directoryitfche ammma nd copies files from the 

directory to the SHOIZE directory and renames them to tire 
file names. 

HT " 



The rmmt user cm customize these templates to create a standard set of 
user initialization tiles. A standard set ofuser hritializalion files provides a 
Cimmon work environment for each user. When the r##t. user creates 
new user aceounts / some or al] of these initi alization files are 
automatically copied to each new user's home directory 


Usetscnn then edit their initialization files to further customize their 
envi romments for each shell. 


Farfoiming User Administratitn 

C^Dyriyht 2II& Sun Mfcrsi>*1ems, Inc. All*6§hLsR<*scr vuo Sun -Servi ces* R#vl3l:n A.2 


li-55 


























Managing Inibiafcati On Files 



10-S6 


Table 10-H shows of the variables available f»r customizing a user 
shell envirorm ent 


Tabic 10-19 \x >gin Variables 


Variable 

Name 

Set By 

Description 



Defines the user's login name. 

HC14E 


Sets the path to the ll*ct'£ -one 
directory 11 i* the default 
argument for the cd command ■ 

SHSTJ 

L»gin 

Sets the path to fl$e defau It uheU> 

PATH 

Login 

Sds the default ]&iEh th/il lln» 
slid] searches to find ttiirminmls. 

mail 

Uigtn 

Sets tlic pa§i to the user's 
mailbox. 

ZSK 

Login 

Dcliiies the te rminal 

bPDEST 

Natserbv 

default 

Sets the user'sdef auit pi inter. 

ETO 

Shell 

Defines the current working 
director) 7 , 

y.yi 

Shell 

J 

.^Defines thi? shell prompt for the 
hoimwor Korn shell. 


Shell 

t. 

Deb nes the shell pro pt lor I he I 

I C shell. 


% 

I 


Note - F«r complete information on all variables used by the delauli 

shells/ see die following man pages: s^(l), ksh <1), csh(l), ZS.H (1 ), 
Meh {1) / and tosh (1 ) > 


A user can change th*> v< luey of the predefined vari. ’ibl^nd specify 
addiliorittl variables. 
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Man-aging Imlli&ltzaiion Files 


Table 10-20 show* hcnv to set environment vaoahles in the utter 
inib^iization files of lln* Bourne, Kom, and C shells. 


Table 10-20 Selling Environment Variables 


Shell 

L&Cr'S Initialization File 

Bourne or Korn 

VRRIABLB=*valu& ; export VARIABLE 
For example: 

£$l='5X9Si7-*XE p ; expert PS] 

C 

setenv variable value 

For example: 

s e l. ciii’u r T iPPEST I as-er^ r tnr 
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Performi ng the E xege ses 

Performing the Exercises 


You have the option to complete any one «f three versions of a lab. To 
decide which to choose, consult the following descriptions of the levels: 

• Level 1 This version of the lab provides the least amount at 
guidar^e- Each bulleUd paragraph provides a task description, but 

you mu?t determine your own way of accomplishing each task. 

• Level 2 - This version •/ Lhe lab provides more guidance. Although 
each step describes what you should do, you must determine the 
commands (and Op tions) t* input. 

• Level 3 This version of the lab jfl the easiest to accomplish because 
each step provides e&vlly what you should input to the system. T'hfe 
level also include the task solutions for' ah three letets. 








% 



1i-54 


Intonme^i^te System Aiministiiatlon Ur the Solaris™ 9 •perating En^b'ottfnant 
Ccvfityt 2M» Sen MlCi kit. M ttgf* f*av*«a 3** tofeim A2 









Exercise Modifying Initialization Files (Level 1) 


Exercise: Modifying Initialization Files (Level 1) 

In this exercise, complete the following tasks: 

• Modify initialization file templates in the /etc/slcel directory 

• Create user rictounts that use the initialization files 


Preparation 

This exercise requires the skills practiced in the previous exercise. The 
user accounts that you create in this e*erdse are tf^uired in later actions 
thsi course. Refer to the lecture notes as necessary to perform thti tasks 
listed. 

Tasks 

Complete the fallowing tasks: 

• ModiJy th^jfcimplate for Bourne-shell users. Set the EDITOR io v ; r 
LPDEsTtopii.nzerl/EJOJiTlx^^ shcwrosde autoindcnc and 
nunCosr, and ENVto source the . ksJxrr file. 

: (^gs 1-3 in the Level f|lab) 

• the Solaris Management Console io create a new user n Ccount 
cnlled U9£r$ U>ni uses the Kom shell- Cog in -asthe new u&i?r, and 

• • verify llvat all the variables you set in local .prof i le arc sol 
correctly in th* riser's environment, 

(Steps 4-6 in the Level 2 lab) 

• Ctttfte a .kshre file for the neiv user account that include*; lwx> 
aliases and sets the primary prompt to echo the current working 
directoi\; Log out and log in again as (he same user to verify llvit 
(he Jcshrc file works- Lag out and login ^goin as the root usrr. 

(Steps 7-9 in the Level 2 lab} 

• Vsa the uaeradd command to create a new user account called 
us^rl 0 that uses the Korn shell. Log in as this user, and rcoord the 
list of initialization files in the home directory. Copy the appropriate 
file to Lite . profile file. Test the login to verify that the list of 
variables ia aef the same as those of the first user you cteated Lofc 
ant, and log in tV> the root user when vou are finished. 

(Steps 9-13 in the Level 2 lab) 
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Exer tise: Mo difyi ng Initial izatio n Files (Level2) 


Exercise: Modifying Initialization Files (Level 2) 

In this exercise, complete the fallowing tasks: 

• Modify initializati on file templates in the /etCr'frkel directory 

• Create u£.er accounts that use the initialization f:Jes 


Preparation 


This exemsc requires tlv skilly pracllced in the previous exetvi&o, 7he 
user accoiwte that you create in this exercise ate required in later sections 
of the course. Refer to the lecture notes as n^B&try t* perform the tasks 
listed. 

Task Summary 



* 

In this exercise, >^u accomplish the fo)l<Wing: 


• Modify the tac^^abe f r Soume shell users. Set die SlijtOR bo vL, 
t.PDLST to pzrir.ter^rEXEtfI ri to set skevimode auLcindent and 
nui\her. and EKV K> source the .*s£re file. 


• Use the Solaris Management Console^ create a neiv iwr account 
called , aser9th;H the Korn shell. Log in as the new uyer/and 
verify that all the variables you set in local .pref il- are set 
correctly in the user's emironnwrah 


• Ca .ksJrsrc file for the new user account that includes two 
aliases and &i£ th* primary prompt to echo the current working 
du'cctorv. L©g out and log in again as the same user to verify that 
the .kshre file works. Lag Put, and log in again as the rocc user. 


• Use the u^-raad oc^nmarnl to create a new< user account called 

user It that uses tlie Korn she'll. Log in as this user,- cuid record the 
lisl of initialization files in the home directory. Copy the nppropriate 
01c to the . pr#fil© file. Test the login to verify that the list of 
variables is set the same as tho*e of the hist user you created. Ivg 
outr and log in as the rocc user when you are finished. 
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Exercise: Modifying Initialization Files (Level 2) 


Tasks 


Complete the iollowing steps: 

1. Log in as ihc ?oot user, and open a terminal window, 

2. Change to tlie /eic/slcel directeiy 

3. Use the vi editor to edit the IcqfJ. .jProf ile file, and make the 
fallowing change*: 

a. Edil the lint? that declarer the PATH variable so that it reads as 
follow*, Enter this text as one line (no spaces). 


PATH=usr/skin: /thin: /vsr/sac3K\/bin: /uSr/d*/bir.: /usrj 
/usr/ccb: - 


niwirt/bin: /usr/biT*: 


Add the following lines below the PATH 5 ira liable you just 
edited: 


EDlTOIUvi 

LPDBST^prinfc^rl 

g x t iy y b e t: «honaod0 autoind«nt number' 

SNV?$HQMB/ .kdlire 

c. Change the line that raads: 




export PATH 

so dial it loads.: 

mo&cart PA13J EDITOR UPEEET CXU7I* ®IV 

1. Us 




Solaris Management C gnsok: to create anew' user account 
with gHfcfrllowing characteristics. Exit the Solans Maiingtirrunt 
Console when vou are finished. 


1 


User Marine; 

vseorS 

User ID 

iaos 

Primary Group: 

szaff 

Login Sin'll: 

Rcttj 

Password: 

1 ^ 3 l*ass 


5. Log out, and log in again as us^r?. Op*D a terrronal window. 

6. Verify that Ihc PA7K, LPDBST, eiitor, ex^iit, find ittV variables. are 

a ccoi'dillg to die change you made in the 
/etc/gkel/local, profile "file. 

•o diey ntak'h? 
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Exercis e: Mod fryin g tnfcjajtzatioft Ftes (Le v el 2) 


Create a f:Je allied .kslixc m user's hoiru? directory. 

Inseit the following lines. A splice fellows, the 51 *®$ in the List line. 


set -o noclcLber 
set -o lyjuTreoof 
alias Ji^luetory 
aliflfl c»clear 

psi^'Spwd* ' 

8 . 


f. 


Log out / and then log In ag<iin an users. Open terminal window, 
ttndverifv that vour new variables work. 

Do they work? 

Log out/ and log in aftnin as the root user. Use the useradd 
tHxrunand In oeate ru.^v user acco-unt called us^rlO with the 
Jellowng cVuiracterist Kfc: 


User Name; 
User ID: 
Priinrunr Group: 
Login Shell: 
Home f^irectory 
Cotnitjynb 
Passwoi 






U&erlO 
1010 
20 



< 


\ V? 

/«*-•-t/jlCKVO/ uSsrlO 
SA-239 s-udent 
c&ri^ecin 




10. Log out anti log in again ^userlO Open a terminal window. Whai 
shell initialisation files exist in your home directory? 

W^ih ot these are the s ane as /etc/s^l/local .profile? 

11. Copythe local .protile file to the .profi :^file. 

12. Log out and log in again as uaerlO. Verify that the variables set for 
the liserS? l#gin are alyo set i'er this login. 

Vo they match? 

13. Log out and log in again as the root user. 
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Exercise: Modifying Initialization F i/es (level 3} 


Exercise: Modifying Initialization Files (Level 3) 

In this exendsc, complete the f ollowing tasks: 

» Modify initialization file templates in the /etcr'skel directory 
• Create user accounts that use the initialization files 


Preparation 


This exercise requires the skills practiced in the previous exercise. The 
user accounts that you create in this ex«rofse are required in Liter sections 
of the course, Refer to the tecture notes as necessary to perform the tasks 
listed. 

Task Summary 

In this exererce, you accomplish the following: 

• Edit the ,*tc/ 5k^l/Tocal.pr»fiI e Fie so that it sets the PATH 
variable to* specific of directories. Scfcthe ttlTGF* LPOES" 
EXINIT, and ENV variables f^jgppr priate values. 

» • Use the Solaris Management Cnjifolcto create a new user account 

cailed user5 lhat u&es tlae Log in as the new user, and 

f*Mty thnL <ill the variables y*u^sctin l»cal -profile are set 
A ; p- ij&rrrctly in the u^er ^ envimnmenl. 

# O^f^^jt.kehrc fii e for the new user account tiiat includes two 

aiEB®£$g\d aeta the primary prompt to echo the current working 
director Log out, and log in again as the same user to verify that 
the .kshre file works. Log out, And log in again as the root user, 

• Use the userad<! command to cre»te a new user account calkd 

us^rlw that uses the Kom shell Log in as this user, and record the 
list ol hi tialization files in the home diiectary. Copy the afpiuprl*^ 
file to the .profile lile. lest the login lo verify thdt the liit of 
variables is sol the snme as those of die first user you created. Log 
out, and log ill as the -■■t user when you are finished. 


Performing User AtlndnlBtrallcn 
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Exerc ise; Mo difyi ng initia lizati on Fites {Level 3) 

Tasks and Solutions 


Complete the follow ing steps: 

L Log in as the r^cr user, and open a terminal window. 
2. Change to the /etc/akel director y. 


4 od /etc/«kal 

3. Use the vi editor to edit tiie local,profile file, and make the 
following changes: 

4 vi local.profile 

a. Edit the line thnt declares the PATH variable so that it roads as 
follows* Euler this text as one line (no space&)- 

PATO^/usr/abini/sl>in:/uar/Bate/bin;/uBr/dt/bin:/uBr/Gp*nviA/bin:/iis:Eykinr 
/uBr/ii<?b:. 


b. Add the following lines belotfribe ?M& variable you just 
edited: 


snrmp^i 


L0CeST=printarl | 

CXXJTTT- 'eet ahoraxrg autoi^T^nt number 1 
®IV^$hc© 2E/ .kahre 




c. Chongs tiie line lhat reads: 



W 


export PATH EDITOR LPPE3T EEKiTT ZNV 


4- Use il\o Solaris Managernent Console to create a new user wilh the 
• Iplkming Character istics Exit the Solaris Management Console when 
■ feu are finished 


User.Name; 

User ID: 




_^er9 


primary Croup: 
in Shelly 

Password: 


S'aff 


Korr_ 


5. Log oub and log in <\gairt as ^«er9, #pen a terminal windows 
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Exercise: Medifymg Initialization Fites (Level 3) 


6. Verify that the PWW, zDTUZ. £Zix*X and E2W variables on: 

scl according tv the change veu made in the 
/efcc/sleel/locAl .profile file- 


$ echo $PftTH 
$ echo $LPUs£T 
$ echo ftm TH jw 
$ echo $€XTBrrr 
$ •cho $HW7 


•o Ihev match? 


These variables should match the settings made In the local. prof i Le 
file. 

7 . Create a file called . tehre in ueerS's hefne directory, 

$ cd 

$ Vi. .kahre 

Insert the following Hoes» A spacdfoUows the in the last Hjm* 


C4t -O 

set: —q igpore«of 
al lag hahistnry 
alias c=clear 
PSl-' $PWD$ ' 


$ cd /t»xp 
$ cd 
$ c 
$ h 


m 


5. Log out ftiul thOHTOgip again as users. Open * terminal window, 
.rind verify that your neSsi variables work. 

1 

i M% s' ¥~.x 


ork? 



These vorvbit's shouldfunction according ft the iwhtes set m . ksherc. The 
prompl should reflect your current drmi&y,anJ the aliases sitouhl dear 
Ute scram and present a history Usl. 


Perfuming User AtJ»iinl»irat»on 
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Exercise: Mod ifying Initialization Files (Level 3) 


IjO" out nnd log in again as the roc: user Use the useradd 
command to create a new user account called userlJ) tvnth the 
iolkivving characteristics 


User Name: 

User ID: 

Prlmnry Group: 
Login Shell: 
Hame Directory: 
Comment: 
Password: 


uscrlO 

1010 

10 

som 

/exp^r^/hane/uscrlO 
SA-239 Student 
caucj^tin 


fr ufi^ra/ld -u UOHO -g IQ -d /hctta/uterxO -a -e -c *SA^239 

ShKtent" n&erlO 

64 blocks 
# passwd userlO 

l\w t>asswwrd; cMgwtin 
Ke-e_ncer n&d pass-tvc-Tri: can^tia 

10. Lag out/and log in again as Open a terminal window. What 

shell initial;2nlion h1t>$ oxist in ytfiir honCedirec l o rv ? 

£ is -1* 

.profile, loc.?al ,profi,^4 Laoal. lofin, local. oah'rc 

Whicl|pfthfrfw are the same as the /etc/5kel/lccal.profile I'ilo? 
ffite l&e&fus profile rt'ic- 

Copy thJt&cal .?rc^ila file tm the .profile file. 

$ cp local .prof il« ,pro£ll* 

12_ Log out and log in again as ussrlO. V^tt/y that the variables $*■! foe 
the login are also set for this login. 

$ echo $PATH 
$ echo $LFII££T 
$ fcCho ^g DT T O R 
$ echo ^k^XIJLLT 
$ echo $fw 

Du they match? 

These variable* diunld match the settings marie in lfu> laca I ,prof 11c 
file, 

1& Log out/ and log in afrain as the ro#t user. 


1 <h66 
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Exercise Summary 


Exercise Summary 


Di&cir&sion - Take a few minutes to discuss what experiences issues nr 
discoveo'e* you had during the lab exemses. 

• Experience* 

• lnftrpretatton& 


• Conclusions 
9 Applications 
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Module 11 


Performing System Security 


Objectives 




upen completion or m i$module,y 

• Monitor access 

• S%vitth users o n a system 

• Control system a< ess 

• Restrict ACQ&& to data in files 

Th* following course map sh wsliow this module fits into the current 
instructional goal. ^ 


m, 


Performing Uand Security Administration 


r^5!. 


■TT 11 

Performing 


^ -*r 

Perftymirip 

iJsor 


System 

A-arflinistiiHiicHi 


Security 


F igure 11-1 Course Map 


C^pyrflhtKasSLn Mkirflfl^Mrn , ■n c. *4 Rtytfcn tasrotf Sur-Serves* 
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Monitoring Syste m Access 


Monitoring System Access 

All sy stains t oulct be monitored routinely for unauthorized user na’e*$. 
Ynn can determine who is or who has* been logged into the system, hv 

exjeCllling cxnrnnand* and e^mming log files- 


Displaying Users on the Local System 


The Who command displays a 1 st of users currvnily logged in to the |o<:at 
system. It displays eavh user's login name, the login device f I IV pent), 
the login date and time. The command reads the binary hie 

to obtain this information and information about where 
the ufvtYS logged in from. 


If a u$*r is logged in remotely, the whe Lumiriund displays the remote hust 
name. Or Intemrt fYotecol (IP) address in the last columnthe output 


it 'who 


\ 

|L 

nssarZ 

pts/2 

?«b A 13:53 

ifiyci43) ||t ! 

rcct 

Fts/5 

Peb £% 09:22 

fl2S-.l47.Wa 3) 

rent 

Jfte/3 

Fsb ? 14**2? 


root 

coracle 

5 !Xf05 

ttO) 


l^e-^econd^lu:ld diHpl.iyed by Oil? who command defines the user's login 
de^icti^whicliis «iut c\ the following: 

• console - The device used to display system boot and error 
mnKays 

• pts - Jjjie pseudo device that represents a login or window session 

without phy^ii ot device 

• - The device physically connected to a serial port such as a 
terminal ora modem 



Note - The who commcind has many options, one of Vi'hich is the -fti 
option, The who jn ^>mmand outputs information rtbout only the current 
terminal window. 
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Motvtonng System Access 


Displaying Users on Remote Systems 

The rueers command produces output similar Id that of the who 
command, but it displays ft list of the users logged in on local and remote 
hosts. The list displays the user's name and theh»st'* name in the order 
in which the responses arc received from the hosts, 

A remote host respond* only to the risers command if its rpc , ruaerad 
daemon is enabled. The r&z . r-usersK daemon is the network sei'vtT 
daemon that MurnS the* Jist of users on the remote h#sts, 



Note - the hill path to this network server daemon is 
>u^/lib/netflvc/r users/rpc: r ruser 


The following is the command iArpfcit for the rushes command: 
rjEers -outlets L&stmjfrs* 


The ruaers -mfiomHOvi displays a long list+? the Ipgjn names of us*/s 
who are logged [jnjg lo c al Vind remote systems. ThcAUlput displays the 
name of the system into $dfdrh a user is loggedr the login devioo [TTY 
port), the logi n dnte and time, the id e time^pd the login host name, If 
the user is not idle^ no timo is displayed m- tiie idle tl.me field, 'I he term 
idle mehjifcihat the wer isnat actively doing anything at the time on iho 
terming, which would denote t^e user is probably at screen lock or <iiv<iy 
from the terminal. 

!l V 

ipi Jplp following la an example of the rusers eomrr^md: 


4 niBerg -1 

SencLng broadcast f*r otspirccS protocol 

version 3. 



xooz 

instruct or : console 

Feb 

5 

11:05 

5Cil5 

(: 0 > 

r+CT. 

inst:ci»ctcr;prs/5 

Feb 

e 

09:22 

27:38 

(129.247.4.13) 

rooc 

lnsrr.x:tor:pts /6 

ieb 

£ 

13:36 

5:08 

(129.147.48,219) 

root 

ins—JCtor: p t fl / 7 

Feb 

4 

12=36 

25:50 

(129.147.48.219) 

root 

instructor :pts /2 

Pefc 

6 

09:23 

27:10 

(129.147.4.131 

roit 

i:j»truct#r:pt 5/10 

FA1ft 

7 

07:35 

45 

Uishrbandit) 

root 

instructor tpta /12 

FeP 

7 

09:38 

44 

(liyhcksndit) 

root 

iriiLructor :PtB/H 

Feb 

7 

14:16 


(129,147,4.20 

user2 

sys44:pta/2 

F** 

7 

13:53 

45 

(instructor) 

root 

sysllext : f!nnsc J e 

Feb 

6 

13:17 

23:5-2 


user2 

*ye4i :pts/l 

Feb 

7 

13:45 

44 

(jji&Lrucbor) 

xooc 

sys41: pts/3 

Feb 

7 

14:32 


(instructor) 

Sending 

Jeroaccast for ruserac* protocol 

version 2. 
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M onitoring Sys tem Acc ess 


Displaying User Information 

To display detailed information about user activity that is either local or 
remote, use the finger command. 

The finger cumnviAd displays: 

• The user^ Jogui name 

• The hne directory path 

• 1 he login time 

• The login dev ice name 

• The data contained in the cemxrumt field of the /ecc/passiwti file 
(usually the user's full name) 

• Tl’ie login shell 

« The name of the host. if the user is logged in remoVefy, and any idle 
tone * %. C 

^ ' 


The following i*. the coitirn»nd formal for the linger command: 

f li :ger l -bfhi IrrpcsWl [ , , I 

finger C — 1 i [ iis&rnMnt&hostnanmr t j] 


The :n option matches arguments only an imajie (ivet the first or last 
name that might ap pear in the comment held of /aec/pc^swil). 

Te cf play imarmadon for us^i^ perform the command: 

£ £in9*r -m user© 

L*gin nanec us=ra in real li£=s Alpha User located in Office #4 

Directory; ^hcirs/uaera :ShelJ ; /bin/sh 
on sine© Bee 17 1 Or32:53 cn cenacle fr#m ;0 
1 aiinute 4? seconds idl^ Tin© 

Ua unr©ad ir^il 
Plan. 


If users croak; the standard ASCII files ^lar. or .preset in their l^xrra 
directories, the c»ntmt of those files is shewn Mpnrt of the output of the 
tinker command. 

These files are traditionally used to outline a user's current plans or 
project# und musl be created with tilt! access permissions set to 644 
(rv;-r—r—). 
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Moru toring System Access 



Note - You get a re$p<*nsc tom the finger command only if the 
£r_. fingerc daemon is enabled. 


Displaying a Record of Login Activity 


Use the .last command In display a record of all logins *md logouts with 
the moat recent Activity at the top of the output. The last command 
reads the binary file /var/^dn/vfa^px, which records nil logins, logouts, 
and reboots. 


Each entry includes the user name, the login device, the ho$t that the user 
is logged in tom, the dale and time Ihatlbe user logged in, the Ime *f 
logout, and the tola) login time in hours ami minutes, including entries 
fur system reboot tiiiHffs 


Ihe output of the _ast command cm beextranelv long. Therefore, >*ou 
might want to u*e it with th*> muster option to specify the number of 
lines to display. 


Ihe following if) an example of the lasr command: 


# la^t 

i 



user^ 

consol^ • ^ ; 0 

Yon Bee 17 10:31 

still ltg$ac! i n 

reet 

jits/4 129.147,4,12 

SSPfl&n 17 10:33 

still .oggod in 

usera 

console •%< 

17 10:32 

- 10:38 <0C:0S) 

reboor 

system iMot 

FifiSec 14 09:38 


(output 

—seated; 




You can use Ae lost command also to display iitfonnaton about An 
individual user if you supptV the user's login name as an argument. 


f lant useiS 

user9 ccna«i= :0 Hot. 17 10:3B still logged in 

CO^£Ol^ : 0 Fri Der 14 1C';I3 - 10:25 (00:07) 

(output 


'lo view the last five $ysk>m reboot times only, perform the comnv\nd: 


# last ~n 5 reboot 
reboot boot 

reboot systecn be# t 

rebeoc ^yv-t^Ti boot 

reboot system boot 

rdNot system boot 


Wee. Feb 20 13:20 
Wed Feb 20 13: 19 
Fri F^b 1 12:46 
Thu Ja_t 17 0?:02 
Tli- Jan 17 05:55 


1US 
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Moratori'ftg System Ac cess 


Recording Failed Login Attempts 


When a user logs in to a system either locally or remotely, the l#gin 
program consul is the /etc/pass'ivd and the /«fcc/shadovj fik& bo 
authenticate tilt user. It verifier the user name and password entered. 

If the user provides a login name that is in the /etc/passwd file and the 
oorncci password for tliat login name, the lofin program grants access to 
tlie s^tem. 

If the login name is not in the /ecc/passv?d file or the passwoid is not 
correct for the login name/ the program denies acress to the system 

You can log faded command-line login attempts in the 

/var/a^ Jtoqinlc^ This is a useful tool if you want to determine if 

attempts are being made to break into a bittern. 



By default, the •ginlog file d*es not exist. To enable logging, you 
should create this file with read and write permisoo ns tot therr^c- user 


only, and it should belong to the sys group 


.•ys 


# touch /v^x/ adm/loginlog 
Jt ch^wa rooti:SY« /v^r/adsi/lev*^ 1 

t r**wr>A 600 / v^/axte/loginLog 




Ad failed comnRipl-lins login activity is written to tills file automatiadiy 
rifttr five consecutive failed attempts, 


0he lo^miog fd^oontains one entry for each □ f the failed attempts. Each 
entry contains thfuser's login name, login devto* (TTY port), and lime of 
die failed attempt^ 



If there are fewer than five oonsecutive failed attempts, no activity is 
lagged to this filc- 
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Switching Users on a System 


Swiching Userson a System 


As the s,v*tem administrator, you shauld log in to a system as a regular 
user, and then 6Witch lo the root account aiily ta peifann administrative 
tasks. 

You should avoid Jugging in directly as the root user. Tills* precaution 
helps protect the aystem from mmilhariaed access, because i I reduces the 
likelihood that the6v$lcm will be left unattended with the root user 
logged in. Abu* critical mistakes are less Jikely lo accur if you perform 
routine wark as a regular system user. 


Introducing the suCommand 


the aommand lo switch lo the superuser or another user without 
logging out cind hack in as that user* 


The following is the command format tor the &u 


su - usEsnmmc 



If no user name is given? then die su command Attempts to switch to lire 
rpot user. 

fouse t||e su command, supply the appropriate password un lift* you are 
already ™*-root U60T, The root user can nm the s=»u command wilhout 
password:#. 



If the p s kSbword is correct the su command creates a new shell process;, as 
specified in the shell field of that user accaunt's /etc/passwd file entry 


The su - (dash) option specifies a complete login by leading all 0 / the 
user's shell initialization files. The - (dash) option changes your work 
environment to wtwH would be expected if you hod logged in dinxlly as 
that 3 *ecifted u &esr. It also changes the users home directory. 


When you run the su command, the effective user ID (EUID) and the 
effective gruuF ID (EC3D) are changed lo the new user to whom you hove 
switched. 


Access ta filos and directories is determined by the value ai the EUID and 
EGI® for tiie effective user, rather than by the UID and Cl* numbers of 
the original us«r who logged in to the system. 
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SwWd hm q Users o n a Sy stem 


Using t hewhcani Command 

The whta-m command displays the nume of the account whose 
authorization you have switched to, 



Nt>lr - The vr.oami cofninand resides in the /usr ueb director 1 ,'. 


For example, ueerl it lagged into the system under that login nocne Ihis 
user then runs the su command to become the root user and enters the 
root posswonci. The vto#acni command displays the user's actual 
authorization for accessing directories and files, for example: 


$ WhCHMfci 

userl 

$ pwd 

/e^qpor t/h^n>e /user! 

S fJU 

passwurd; :EnterP#*awr<? 

# whoapvd 
rc«t 

# P**3 

> export/ hcm:,e/ user 1 








Using the who am i Command 

To detevmm the l#gin name ct the original u*er,u*e the who command 
with th* : 4 


X 


To use tile who an i command, at the Shell prompt, type the su command 
and the login name of the user account £• which you wan! to switch, and 
Return. Typy tho password for the user account, and preas Return. 


Foe exam le, while lodged in as userl, use the su command to switch to 
•.iSftrS!: 


$ su uier2 

pa.s^w*r3: Ent&TPAmtvrord 
S who am i 

use_r1 j»ts/2 LJec 17 12 sift (129.147.4 „ 12) 

An alternative to the an i command h> the Who -m command, 


tl-t 
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Switching Users on a System 


Switching to Another Regular User 


lb SA-itch to another user and have thot user's environment, use ihe su 
command as follows: 

1. At the shell piumpt display your log'in name and path. 

$ who am i 

us^jtI leb t ft:3l 

$ 

/expert /hcir.e /us er 1 

2. Enter the an command with the dash (-} option and the login name 
of the user to which you want to switch. Then, enter the password 
for the user. 

$ eu - user? * 

Password: EntorP^^word. 

3. To determine the login name dfeie actual user, perform the irhoami 
comnvmd, and gmss Return. 

i u .i % &' 


$ whoami 

user2 


S W Aj. v 

4. To determine the current working rectory, perform the pw£ 
command. Hie location is the effective u$er^ hmrjc directors 


$ pwrl 

/ expor i /homo /usep2 


5. To display tlie ]%in name#/t^e original user, pei/orm the i 

command. 

| 

Feb 3 C3;3S 


$ who SB i 

userl pLm/l 

|||: ggSS Sjpf :■ ;a«- . 

6. To return to the original user stalus and h Sitve directory, perform the 

cfto«nand 

$ dxit 
$ pwd 

/ex^ort/herni-s /userl 
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S witching U sers on a Syste m_ _ 

Becoming the root User 


In the dohiult system configuration, direct root logins <\rv restricted lo the 
console. This means, that you cannot remotely log in to a system as 
To iwnotety log in to a h*st as Ui* root user, you must log in as a regular 
user and then run the su command to become the root uaer. 


To become the user, use the su coxiimand as follovi'S: 

1 . l*>g i n fr»m the login window as a regular user, such as usearl 

2, Al the shell prompt in u terminal window, perform the su command. 


Enler the ro*: password, 

$ mu - 

FaS£W«rd: Enter Pa.B&WQrd 


s who 

'! 


# whoami 
r#Ot 


# pwd 

/ 


3. lb dispLiy the original login, perform the«&* i Aommazid. 

L 

pts/4 Ffc£b 8 It :4ft 

4, lo determine In e L*gin name of the user to wKich you have switched, 
perform the ^rnosml cOfiunanrL 


5 . l o determine the cu/rvn t wxaking diraclncy, perform the p*d 
command. j* i. 


ft To raUjjw! root session and return fro the original user, perform the 
;■ exit cdBnamf. 


# «xit 
$ p*l 

/e>p#rt .'home/user 1 


1M0 
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Switching Users on a System 


Monitoring cu Attempts 

For security reasons, you must monitor who has been using the £u 
commands especially those users who are trying to gain root access on 
the system. You can initiate the inonitcuing by setting two variables in the 
. etc /de f aui t / su file. 



Note- There are many variables in the /etc/de faul~/su file. TTtisarurse 

present* only a small subset o/ the vaiiables. 


Contents of the /etc/default/su Fite 

To display the contents of the /^LcMe|adlt/au fil^perfqim the 
command; 

J-; - 

II caL /etc/dufaul t/gU 

titicr-t u.dd l.^f 93 /@i% SJfX* /* SVr 4.0 1,2 */ 

C?‘ 

it ^uucg deterirlr.eG th» lcca£i|ap< of the file use$rto log. alL 3U atL^np-^ 
BU[XX>=./var / ildm/ sulcg 


# CQMa#ii2 u^tenrjjjos Aether aitewr.s 

# to the niuLiteJ j ivice 

(*u_?ut edited f&r brevity! 

SYSLOO=raS 


to su t# TOot should be lagged 


f^vtlie preceding example, unsuccessful attempts to the su command 
to ai the jgpot ACWunt are logged t® the A'flr/adro/roessages hie. The 
l example ertry from that fik- 


Dec 17 12:35;47 sys41 ^u: llD 810491 auth«CritJ Vsi rcci* fai.ed for 
U^era. on /dev / Cts/2: 


priming System Security 
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Switchin g Users o n a S ystem ____ 

The Variable in the /etc/^efarait/su File 

By def nult, the system ignores the CONSOLE variable ) n the 
/etc7dte±:aulr/su file because of the preceding comment (i) symbol All 
attempts to use theou command are logged tm the e#nsole, regardless of 
sueCess or failure Here is an example of output to the console: 

Fefr 2 09t50:09 hcstl sz: 'su root’ fail-d for userl on /dew/pts/4 
Feb 2 09:50:33 IioslI eur 'su 1 succeeded for user:I on /dev/p“s/4 


When the comment symbol is removed, the value of the ct&SOLE variable 
is defined for tlie /cterv/cm^cile file. Subsequently, an addi ioiial line of 
output for each successful attempt to use tlie command to acoefs tlie 

root account is logged to the console. Here is an example of logged ^u 
common’id activity: 

Feb 2 11 12 # :#“/ hcacl *u: 'su root’ succeeded £orJuserl on /dev/pta/4 
SU 02/02 11:20 l ?C $/4 u£££rl -OOt 


The SUIO^ Variable in the /%Sj:/defaul£/suFife 

Tlie STJI.fG variabil in the /eti/defflu specific the n<\me of the 

ftlc> in which all a temple to-tis^the su command to switch t# another user 
are logged. If the variable is undefined, tlie su command Jogging t* turned 
olf. 



| W 

'•'Tlie /v»r/adi:i/5uio9 ide is; a record of all attempts by users on the 
system (Q execute tlie su command, bach time the $u cimmand is 
i utw-ii Art rttfV Inrti *> «ii1 C& fiio 


iFhe entries inthis file include the daic and time the command was issued, 
^^hether it was successful (shown by the plus (+) symbol hr success or 
tlie hyphen (-/ symbol fur failure), ihe device from which the command 
w-as issued, and, finally the login and the effective identity. 


The fallowing is an example of entries from tlie /var/adn/su log file: 

it mora /var/adm/nulo^ 

SIT 1#/2C 14:51 + COn^al^ roo“-0y,S 
SU 10/20 16:55 i ptZ/2 usq rl root 
SU 11/05- 11:21 - ptS/3 u3-vl-r*#t 
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Controlling System Access 


Controlling System Access 


Ihe more access that b available over the net i *'Ork, the more beneficial it 
is for remote s^tem u*cn?. (fMrever, unrestricted access and sharing of 
data and resources can create security problems. 

A local host's ivmole security measures arc generally based on fin ability 
tt validate# limit or block operations from remote systom u*wr«.. 


The /etc/def ault/login File 



\#te - Then? are mm*y variables in tiie /etc/dcfault/login hie. This 
course, prtr^enbsonly*’* small subset of the variables. 


The /ecc/dCria^lL/lo^ir- file establishes default parameters for users 
TvhenIhev log into the system. The /e=i-/«€r%Jt/iogin file gives you 
the ability to protect the roor account on a system. You can restrict rocL 
access to a specific device or to a console, or disallow z^ot access 
altogether. 




To display die contents oi’ the /ecxf^jefa&l^z/ file, perform the 
command: 


# cat: /•tc/dafa 


m & 

ty) 

&oc caci only l*gin on that device. 
C#cnt>cnt..|rt:hi^ line *ut to allow remote login by root. 


(•utput edited fer 

' ■ X 

f if Console if set, 

¥ 

# 

■roNEOiLE-^ev"/ e 


f PAS3cL^> daeezsriiies if login requires a 
* 


PASScl^YK 


Performing System S#cu rty 
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Contr olling Sys tem Ac cess 


The QCwNSCLZVariable in the /etc/default/login File 


You can aet the CONSOLE variable in the /stc/ctaf aulc/loffin file to 
specify one of three possible conditions that restrict access to the r««L 
account: 


• If the variable is defined as cO'J50L£=/«tev/consolfc! / the root user 
can log in o:\Jy at the system console. Any attempt to log in as root 
from any other device generates the error 


& rlocjin boatl 

Not on systcm Qir.sile 
Connection closet. 



1/ tin* variable h> not defined, such as ^CONSOtfc/aev/csnscle, the 
r*ot. user c.ln log in to the system from any de^ce across the 
network, through a modenir ox us-mg aii attached terminal. 


If the variable does *xit have a value a?«gn€d to it (lor cample 

OON^jcz- ) then the rocc user C3^ncf log in from anywhere/ not 
even the console, The only way to b&oome the r*et user &n the 
system is to K^fin as a regular user and then became r*ot-_ by using 


the su command- 



% 


Note - You can confine root logins to a partiailac port with the CJMBCKjE 
variable- F*r cx«irnple, cc&i$0l^/6^'tei^/a.pi>nnils the root user to 


in to only from apemtinal t^at is connected to Serial 

——--—- 


The PASSMiVariable in theVetc/default/login File 

1 

Wffeh the e^SSBIEQ variable in the *etc/cl^fault/A •gin file is set fco the 
default value of YES, then all users who had not been assigned passwords 
when their tocnuits were created are required H> enter a now password as 
they log in for the first time. If this variable is set loNt, then null 
passwords a/*> permitted. This triable does not apply lo the tost usar 
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Controlling System Access 


File Transfer Protocol (FTP) Access 

The Solaris OE provides an American Standard Code for Information 
Interchange (ASCII) fiie named /etc/ftoi/f tpu^axs, Tire 
/^tc.'ftpel/ftpasi^rs file lists the names of users who are prohibited 
from cocuwctihg t« the system through the FIP protocol 

Each line entry jn <hjs file contains a login name for a restricted ’uaer, for 
example: 


’ 4 PXTL5Z71 E“ 


l'he FTP server daemon in. ftp4 reacts the /^fe/ftpd/f tpuserfl file 
when an F IP session is invoked. 11 the login name of the user matches one 
of the listed entries, it rejects the login session and struts the icxjin 
failed esixir menage. 


Uy default the /^tc/ftpi/fepj.sery file 1'ists these system account 
entries: 


r#»t 

daHrrm 

bin 

pVo 

UUCP- 

nuucp 





lister 

tocos* 


noaucH'UHs 

^#Kty4 


As with any login name thrt you can add, these entries must match the 
user account names located in the /etc/paag-wd file. 

The root entiy is included in the file as a security measure. The 

default security policy is io disolknv iem#te logins for the root user, l’he 
policy is also followed for ithe default value set as the coi-7S#r.,E entry in 

the /etc/ief AUl(=/l«*ir: file. 
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The /etc/hosts .©quivand $home/ . r hosts Files 

Typically, when a remote user requests login accew to a I oca I , liie first 

file read by the local host is its /^tc/pass*dfile. An entry for thot 
par cular user in this file enables that uf^rti log in to the local hos-t irtm 
a remote ys tern. If a password is ri&aociated w ith tliat acctunb then the 
remote u*er is required to supply this password al log in to gain system 
access. 

If there is no entry in the local host's /•tc/pass’tfd file for the remote usee 
access is denied. 

The /rHr c/hosTs.ecuLvnnd Sl-HetE/. rhoscs files bypass thi* stondatd 
passw oni*bcV»d authentication to determine if a rem»tcuser is allowed to 

access the local host, with the identity of a l«cal fiser. 

I hese files provide a remote authentication procedure to make that 
determination. 

jT fc, ’ ^ * 

This procedure first checks thq* / et c/lios^s ,^qui v filch'd then checks 
lh<> SHGMl 1/ , x'h-iists file ii> the h or ne directory of the local user who is 
requesting access. The information contained in thest? tvu files (If they 
exist.) determines if remcrtroccera granted or denied. 

The information in the A*t-c/::ost£.. e^uiv J:lle applies to the entire 
system, while individual users ^an maintain their own $HtosE/ .rhests 
/ties in their home directories. 


M)pr7Tc^ateS/9imA^«r4si^a^iqrtheSotai^ ,H 9Qpemdr)9 Erngfonment 
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Controlling System Access 


figure 11-2 showa the flow of remote access autlientication. 



Superuser 


Password 

correct? 


Command? 


Figure 11-2 Remote Access Authentication 
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Controlling System Access 


Entries in the/etc/h#sts, «^uivand $h#I'SE/ , rh#scs Files 

While the /etc/h*ats . ^Tuiv and $HfME/ . rr.osts files have the same 
formal, the same entries in each file have different effects. 

Both flies are formatted as a list of one-line entries, which can contain the 
following types of entries: 

hosencuae 

hostL'lHife* zicz-&rndliT>e 




The hast names in the /etc/aasts ,e*uivand SH1GMB/ .rhos 
be the official name of the host/ not one of its alias rtomes 


; jfiles must 


N*te - When logging in t» a number at different systems, yo b can run the 
urajne -n command ta determine, oo'Which system you are currently 
logged in. * 4^ 


The /etc/hosts.equiuFfle Rules 


For regular users, tire /etc/ho&S(| .^tk> i v file identifies i«m«te host* tend 
remofeusers w tags re considered to be irusied, 

•■v, : hy\ , ;t W _ _ 

Note - TffC+ /ztipr.; hoses . equriv file is not checked at ail if the remote user 
reques Lin# jbs^tioCeSs is the root user 


if the local hast r s /^te/h^s-*. equivfile contairis the host name of a 
remote host then all regular users of that remote host are trusted and do 
not need to supply a password to I og in to the local liost. This is provided 
so that each remote user is kn*wn to tire local hast by hav:ng an entry in 
the local /crc/p4£*v,d Oc; otherwise, access is denied. 


This functionality is particularly useful for sites where regular users 
commonly have accounts on many different systems, eliminating the 
security risk of sending ASCII passwords over the network. 

Tine /GLc/'r.aa ts. ec.niiv file does n ot exist by default. It must be created if 
trusted remote User access is required an tire local host. 
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Contr§hin§ SystemAccess 


The $h#me/ .rhosts File Rules 

While the /etc /hosts . e^oiiv file applies system-wide access for aon- 
riit users, the .rhosts file applies to a specific user. 

Ail users, including Ihe root user, can create and maintain their *\vn 
.rhosts files in their h*rre direct»ri«. 

For example, if you run an rlcgin process from a remote host to gain 
root access to a local host/ the / . rhosts file is checked in the root home 
directly on Ihe Joeal host. 

If the remote host name is listed in this file, it is a lasted host, and, in this 
cl iso/ access is granted m ihe local bpst. The IgESOLS variable in 
the /etc/default/lcfin file must be commented;^!. &>r remote root. 



The SHUT-T^/. dim-riot exist by default. Y«u muslxcreate it in 

the user's home^tlirectory ! 
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P erformi ng t he Exerc ises 


Performing the Exercises 

You have the option to complete any one of three versions of a lab. To 
decide which to choose, consult the following descriptions of the ievols: 

9 Level 1 - This version of the lib provides the least amount of 

guidance. Each bulleted paragraph pnpvides a task description, but 

you nuLSt determine your own way of accomplishing each Laifk. 

• Level 2 This \xrsion of the lab provides more guidaneje. Although 
each step describes what yx>u should dm, you must determine the 
commands (and Options) Id Input. 

• Level 3 - This verson of the lab the css iest to accomplish bemuse 

i.\ich step provide*. exactly wlvit you should input to the system* This 
level cilso indlude* the task solutions for a If three levels. 
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Exercise". User Access (Level 1 } 


Exercise: User Access (Level 1) 


In this exercise, you complete the following tash« 


• Log failed login attempts 

• Use tile comma nd$ finger/ last, risers, su, and whoaitii 

• Examine the sulof file 

• Change the /at.c/default/l«gin file to allow r*ot logins from any 
terminal 


m Change the /ecc/fcpd/fcpusars f:l« to allow FTP access as the. 
root user 

• Create a / .rho$t* file to allow ro-^fc from another svfctem 

■%| V 


Preparation 


Th is lab requini two sysu^ms bach system, lists the other in its 
/ere inti/h^Rbs 1SU*. Thelab&teo raquiire two speofk users, and 

user3, on both systems. Both ii«rs sh uld use the password 123 pass. 
Refer to the lectun? nobs* as necessary to pcrfonivthe steps listed. 


Tasks 



: following tasks; 


f\ “ 


u.log file to record failed login attempts. Use the comcrumd- 
li|te login to rruTkc five failed login attempts. List the contents of the 
log fie. Use commands to display information foruseri? on both 
your system and Your partner s system. 


(Steps 1-7 in the Level 2 lab) 

• Identify when the first root login ^sion on your system occurred 
and how long the session lasted. Idoxtifywhcn your system last 
bwtad. List the U 5 *crs logged in on all sy^fcms on your network and 
on just your partner's system. 

(Steps 5-11 in the LcvlJ 2 lab) 


Perfoiming System Security 
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Exe rcise: U s e r A ccess (Levei 1) 


• Change your user identity from the root user to *userS, both with 
and without the (doshy option. Record the differences. List 

effective and real user identity dining your eu sessions. Locate the 

su log and identify' which user initiated your su attempts. 

(Steps 12-1£ i n the Level 2 lab) 


• As the root user^ attempt to log into your partner's sr* tem, Record 
eiror merges. Change the CONSOLE variable on your partner's 
system to allow rose Logins from any terminal. Attempt to accaps 
your partner's s vSti’rn again. 

(Steps 19-21 in the Level 2 lab) 


As the rcct user attempt to use the fc? command to access your 
partner's system. Chnn#? the Up pfnnissian^ file lo allow root 
access to your partner's System. 

(Step 22 in the Level 2 lab) |||. 

As tho root user/ attempt to use the rio^fin mmoA to access your 

partner's system. Ask your partner to omit a / .rrx&tx lile that lists 
your system nanu Attenipt to u**e the rSpgiri command to aocass 
your partner's system again, 

(Step 2$ in the tievKl 2 lab) 


' y 

✓ 
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Exercise: User Access (Level 2) 


In this excfdse, wu complete the following tasks: 

• Log foiled login attempts 

9 Use the commands finger, la&t r rusers, su, andwr.oaml 

• Ermine the sulog Me 

m Change tha /etc/ctefault/laqin hie tu allow rooL logins from any 
terminal 

9 Change the / 0 tc/fc?d/f tpusers file to allow FTP access* as the 
rcat user 

• Creates /.rhosts file to allow root access fr»m another system 

Preparation 

This lab requires two systems. Each sy^tc/n lists the other in il* 
/e-^/inet/hosta files. Ii ^1^0 quires two speciilic u&pfc user$ and 
user3, on both Both users should use the password 122pae*. 


Refer k> the lec&Se notes as nee 


form the steps listed.. 



Task Summary 



gi Create thie file /var/atf */lsgi.nl«g. Lfee tlie command-line login to 
make five filled login attempt. List the contend of the 
/vaj^a/ifci/loGinlog file. Use the finger command to display 
information for user9 on both your system and your partner's 
system. 

• Use the last: command to identity when the first roci login session 

un your system occurred and how long the sessfon lasted. Use the 
ast command to loam when your system last booted. Use the 
r-osers command to list die useis logged in on all systems on your 
network and on just yeur partner's s^tern. 
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• Use the c»mm^ind to change your user identity from the root 
user bo users, both with and without the (dcish) option. Rei-xxd the 
di/fororuies. Use th* whaarni. and vh* am i commands to 'iftt your 
efocth'e and real user identity during your su s*3K*on$v Locate the 
su log declared in the /^nc/defcault/su fUer and identify which 
user initialed your su attempts. 

• As the root user, attempt a session to y«ur partner's system by 
usij\g the telnet command. Retard error message Change the 
Cu?3CLE variable on your partner's system k> allow z-qcc loguv> 
from AOV terminal. Attempt the telnet session again. 


• As Ihe ruuL uscr^ attempt to use tire ftp command to access your 
partner's system. Change tin? /etc/ftpd/ltpOs^rt-: file to allow 
rtoc access ko your partner's Syrian. 

• As the root user r attempt to use the r logir.com^ferdto access your 
partner's system, Ask vour partner Ur create it / , fhosts file thM lists 
your system name* Attempt to use lh^ rlo^in command lo access 
your partner's system again. 


Tasks 



Complete the Jr#ll*wmg stepst 




\ 



1. Log in a« ih^ root user, and^open a terrrxmai window. Chmge the 

directory to feix/atdrL 

2 Usef the fc**jca command to create a file called lcginloy, (Unsure 
permissions are set to mad and write fox the r#*t user only,) If 
otreusaij^^ the group ownership to syss 

$. out. From the CDE Options menu, select Ihe Command Line 

‘ lObgJn option. When the COE login screen elects, press Return to 
obtain the command-line login p cwrf> t 


4. Enter roc- after the login prompt/ but supply an in^ertect password 
this five times, After the fifth attempt, the CDE login screm 
appear* again. Log In as root, and open □ termim ilvindow. 


5^ Examine the /var/ adW 1 ^=jini 09 fO e_ Wliat does, i t contain? 

6, Use the finger command to display information for the user called 
user9, What is the difference in the output between the fin^r- -m 
command and the fincr^x- command with no option? 
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Exe rctse: User Access (Level 2 ) 


7. Use (he f inger command to display infarmafton for the seme user 
on your partner's system. (You vs.il! need to reference your partner’s 
sysiem on the command line.) Try* this with and without tile -JC 
option. Dot* the option change the output that the finger 

ommand displays? 

8. Use the last Command to display login and system reboot activity. 
When did the first ro#t login •ceur, and how tong did that session 
last? 

9. Use tile last command to display only system bout activity. When 
did the system last reboot? 

10. Use the rusers command to list information about the users on a J 
systerna on your network segment. 

lt- Use the rusers conutund fm list infifarTroticii foe user* nn your 
partner'* * vs hem- Whem and on what ferninaL did the first user 
listed log in? 

12. Switch your user identity to that of users. Wo not use thy - (dash) 
option 

13. Pisplay some of the variables that define vour environment 

14. Ixil the *us>ii$a#£n and try to swildiirour user fdentity again, this 
bine using the ^\d«*h)H>ption. 

Arc the values reported now corr.>i:t ftt the user root or for us«r5? 

15. Use the whoanni and wh# eiv. i cemmrinds to lid vour effective and 
real user identity. 

;|| | ^hatdo commands report? 

Ufleihf su conuriand th'-change your user identity from user9 to 
t&lsr^anct use the whooni and who am i ommands again. 

What da these tommands report? 

Exit both su sessions when you. are finished. 

17. Change the directory to /ecc/defanlt. Cxamine the 

/^tc/defaul l/su file, and record the value of the SUIOG variable. 

Ift- Display the file named by the £ULWG variable, and identify the euty 
th^t relates bo your Iasi f=u cemmand. Is users or tlie root user 
identified as the user w ho became user3? 

19 As the user roou attempt to log m to voui partner's ayslom by us:ng 
the telnei comnMrui Was yeur attempt su cessful? What ilfie^age 
•appears? 
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Exercise: U ser Access (Lev el 2 ) 


2J. On your partner's system, edit the /ezc/^elault/lcgin file, and 
change the line that jtcjJs: 

L'Cii3Diz:- s^v/condole 

so that it reads: 

#coi\T#i &= i dav/ console 


21. A 5 the root user, again attempt io l#g in to y«ur parlncr'b *ybt*m by 
usin^ the telnet command. 1/ your l«gin attempt is successful, exit 
the telnet session. II not, check the change ym u made in Step 20, 
and try cigain. 


22 . As the xool user, attempt to use the ftp command t« access your 
partner's system. Wore you successful? Ask yenr partner to edit the 
/etc/£xpd/£tpua*r* file and cidunmt out the rcct entry'. Attempt 
to use the fvp command lo access \nour partner's system again. Ti*t 
some files in the /top directory from the £tp> pitsnpk 


23. As the root, user, attempt to use the r~_«gin tvenmaivi fc) access your 
partner '$ system. \Vt*nr you sucns^ul? Ask your parincriO incite a 
/ .rhoeL« (lie and enter the name of y+ur system on a line by ihttlf 
Attempt to use the r .exjin 
again. 



<Kxe«> your partner'* 
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Exercise: User Access (Level 3) 


& 


la this exercise, y#u complete the follewing tasks: 

• Log failed I ogin attempts 

• Use the commands finger, la sc, ruserc, s-^, and v;haaiui 

• Examine the sulag file 

a Change the /etc/default/lagin file to allow raai logins from any 
terminal 

• Ch<.ui£c the /etc/ftpd/ftFusers file to allaw FTP access as the 

root user JfKor- 

• Create a / . rhasts file to allow root access fern another system 


Preparation 


This lab requires two sy s teiflphai Us||aach other in their 
/« tic: / in =t7. / h-.T^ts files. It ^Is^fcquirestw• specific users, us^r9 and 
usoer3. on botlT%stems. Bdfch users should use the password 123pass. 
Refer to the lerftife notes'|$^e<&ssaiy to perfemi the steps listed. 


Task Summary 



9 Create the file /var/£adn-/lagird ag. Use the command-line login to 
make five tailed login attempts. list the contents of the 
/var/ac:n/lcginLcg file. Us* the finger command ta display 
ini ormatwn for ie er9 on both your system and your partner's 
system. 

• Use tlio la-t command 19 identify when the first rooi lignsession 
•n yaur system occurred and Ikkv I ang the session lasted. Use the 
la si command to learn when your sixteen last baated. Use the 
ruserc command to list the users legged in an all systems on your 
network <*nd on just your partner's system. 


& 
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Exerc is e: User Acce ss (Leve l 3) 


• Ua> the 5u ctmmimd to change your user identity from Iht' reel- 
user lo user9, boih with and wilhoul the - (dash) option. Record die 
differences. Use the v/r-casii and who air i commands tv' Jisl y#ur 
effective and real user idcnlily during your su sessions. Locate the 
su log decbnvd in the /etc/default/su file, and identify which 
user initiated your s u attempts* 


As the roo: user, a I tempi a session to your partner's s^tem by 
using the lnet command Record error messages. Change the 
CX2&XX£ variable on your partner's sv-slem to allow root logins 
trvim any terminal* Allempl Ihe lelnet session again. 

As the root user, attempt to use the f tp command lo access your 
partner's system. Change the /eve/ ftpd/ 1 Lpusex-s fiJe to allow 
root «icoe3s to your partne's system. 

As the root user, allempt to use the rlefl.'iirotnniand to access your 
partner's# system. Ask your partner tvi create a / , rhos ts file thnt :ists 
}^ur System name. Attempl to use the rl#gin cor |fe nd to access 
your partner's system again. 


Tasks and Solutions 


% 


■ t 

I 


Ccxmplcle the following 

1, Log in as tiro root user, and open a terikiintil window. Change the 
dj rt't I[ >ry %v j||y ar /adnv § 


if ed /var/adm 


2- UWthe co^ch command to create a file called io^i^iog. (Ensure 
peimi*ftons are set to read and write f#r the root user only.) Ii 
necessary, s^t the group ownership I# sys. 


# touch loginlog 
4 c*»*-d 600 l^r^^og 
i chtjrp sya loglxalog 


3, Log out. Pnom the CDE Opti#n* menu, select the Command Line 
Login When tlie COL! login screen dears, press Return to 

oblaiix the command-line Login prompt. 

4 Enter root after the Login p ompl, bul supply an iar#nect pa<sswanL 
Dv^ Ihis five times. After die fifth attempt, theCDH l#&in screen 
appear again. Log in as root/ and open a terminal window. 
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Exeicise:UserAccess(Level3) 


6. 


Examine the /var/ads>/T<^inlog file. What does k oantaift? 

Jlg< fiesitoitjd contain a t i si vffailed togin attempts idt ' id appear saw hr 
to theJdUcwing: 

leg;j::/iev/p^5/2 :T*ue Dec 18 13:2 ?t22 2111 

Use the finger command to display inltrmation for the user colled 
user?. Whnl jtf the difference in output between the finger -rci 
command and lhe finger command with no option? 


# fi^er u£er9 

it finger -n user5 

finder cvttmmmi with no opt'tofi lists oil user ticeonnts trial haw the 
string user in their names and comment jkldgMfa finger -ncamtihitid 
lists only tits entry for tlu‘ user named u&sr?. 

7. Use the linger command to display inionnafion for the same user 

on vour partner's system. (You ivili need to ceftieneeyour partner's 
sy stem oci the command line.) Try tli i s v>ith and without the ir 
option. IXxfS -nop lion change the output that the finger 

cnnunarKl display*? 

# f In^f ngfrr^ ^nat-nflwn 

# firmer -m usoci&ha&Cnamm 

No. $k 

8. Use the iaar command to display login and system reboot -activity. 
When did tlie first root kgin occur, and how long did that action 

list? 


# la*t 

i * 

M 


7 h's mjxmntiti&n depends on.(he activity on ^vur particular system, 


^ise the la&t command t# display only system bool activity. When 
reboet? 

S last TQha ot 

T7irs inforNiatiot) depends on the activity on your particular system* 

10. Use the ruaers command to Kst ii formation about the users on dll 
systems on your network segmml. 


P €M&%rr -1 


11. Use the ruHisrfi command to list information about theu*ero on your 
partner's system. When/ and on what terminal/ did the fir»t user 
listed log in? 

IF maers -1 hrus m/z/i w* 

This ittfer/naiton depends ot the activity §n jmtr partial!ttr system. 
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Exercise: User Access (Level 3) 


1Z Switch your u^r idcntiK te that of user9. ionot use the (dash) 
op Lion, 

£ \xser9 

S 

13. Display some uf the variables that define your environment. 

$ echo Sixx&iahb 
$ echo $H0*tE 

Arc tlie values reported correct for the user ro®t or for uoer9? 


root 


14. Exit the su session tind try to svritch your User identity again, this 
time using the (dash) option. 


•ari-t 

su - u$er9 
ocho 

mdho jb* 

/W hie values reported now cxmect for the user root or<kwr ua*r*7 

user9 

15. Use the whonaai and who m i commands to list your effodiv* and 
real user identitv. 


$ /usr/tldb/wh^anu. 

$ >/ho am i 

What do these commands report? 



Tht> /usr/ucb/whu ew& coimfunid displays the login n.wie m(itching ymr 
cffx'i-H iv if ID, *j:£ier9. Tlxc wlLxam i cofnmand displays the login raw 
nutcharg your real U1D, root 


16. Use the su command to dvmge yojir user identity hum uaer9 1o 
and use the vfoea-Tii and s*r_o an i commands again* 

$ eu user3 

?OSSWQ=fd: X23pess 

S 


Whal ihs ilif^e commands report? 

5 /u9T/ucb?whoami 


$ v/ho am i 


uGer3 


r««t- 
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Exercise: User Access (Level 3) 


Exit both £u sessions when you are finished. 

3 CTit 
$ exit 

if 

17. Change the directory to /etc/defaulr. Examine the 

/ets/defaul.c/su file. ai\d record the value of the SULDG vnriabie, 

# od /etc/default 

# WOT*© £Tll 


/varVadft/aul0£ 

IS. PispLly Lhc file n,rimed by the S(JL»G variable/ cind identify the entry 
that relrlM to yOur last su command, Is users or the rOQT uaer 
identified ns the user who became \ isg ^ 3 ? 


# cat /vaar/ad&a/eulo^ 


rect 


19. As theroot u^.allempttologin k>\xajr partner's, using 

the icImI; oomnvind, V\hg your attempts iccc^&fut? Wh;*t message 
appears? 

* telnet ho&Tnam* 


SunOS 5.5 



laflni root 
Password; c&n$etln 





I7rc dfhv/jpf Jf/rti/s i7Hrt tfxc system 


scuds the 



Hieper^si 

nol cn gystem coracle 
Cr»inecLior. clotted b/ f*reicjn best. 

2j0l On your partner's system, edi t the /e^detauic/iogin file, and 
change the line* that reads; 


CX2>IS#ia^/de^/oer.£e€.fc 


so that i t reads: 

#CCN9»LE^/de : -/c*nsol« 
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Exerc ise : User Acc es s (Level 3) 


21. As llitf root user, <i£ain attempt to !•£ In to vow partner's system by 
us.tn£ the command. If your login attempt is successful, exit 

the teln^z session. If not check the change v#u made in Step 20, 
and try again. 

* zmln&t hast 

(telnet connection nveesages/ 

SunOS 5.9 


lOQxr-z roc* 

Password: c&ng»tin 

Last l®gin: Fri Feb 9 Q 8 :i 3:17 irerr sys 41 

ilu/i Microsy^tej:^ Inc. SinOS s$l_54 May 2112 


t «it 

Connection c osefi by foreigr. best. 


11 


22. As the root user, attempt to use ftp command to access your 
partner's system. Were you succeed 1? 

\p P you $*h>uld reemi f/k: Login inco^r^cr . Lo y It: 

tailed. 

Ask your pariher to edit the /etc:/ t^.pdVf tpun^r& fileand comment 
out the jcoot entry. Attendpt to use the ftp «owiuw»d fc> access your 
partner's system again- List some files i nthe /□*?> directory from the 


■>;r .:-'Vi?^iVl fcipfas SWC/J 




dtidbcache_: 0 

f F vc - c: ; a S k40 -‘ 

: IfcerkoyaiiilocK 

23. As the root- user, attempt to use the rl#gincu<pn\and to access your 
partner's system. Were you successful? 


Yous/fcwfr? tfof to use tius rlosin comwmd to directly Access 1 ./our 

parhicr'ft s ystem. Vow should bo jWomptedjw <r /Mssrtwd. 

A*k your partner to create a / ,rhO£t£ hie find enter the n ame«f 
your system *i a fine by itself Attempt to u$e the rlogin command 
k> access your partner's syste m 

You should he abte tv use the r icq in command W log directly in to your 
partner*$ system uam 
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Exercise Summary 


Exercise Summary 



Di&cussiun - Take a few minutes to discuss what experiences, issued or 
discoveries you h?id during the Jab excrossa 

• Experience 

• InteipSYtalions 


9 Conclusions 
• Applications 
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Restricting Access to »ata>n Files 


Restricting Access to Data in Files 

After you luive established login reslrwlions, Ihe next task is 10 cun£rol 
gneiss to the d/rta «n the systems. of course, some users need to he 
allied Id read vatfous files; other users need permission to change and 
delete file*?, and there arc some files tH.nt no regular user should be nble to 
acess. 

Users who need to sharv hies should be in the same group in Ihe 

/OLO/grou9 file, 



Note - l n general, you use file permmojtf lr> determine which 

usees or groups havr permi ssion lo read, mcxlirA^or cfejbeie files. 



Determining a User’s Group Membership 

I pjjjL:. 

The grcnjtpg command display! gixuip rnenpershipsi fur the user. 




The command format for Ihe groups command is: 


groups l ^^e.f7xajs^||||| 

i*I 

For exampJt*, lo se 
command: 


b which groups you are a member of, perform the 


I yiuups 

oLher root Edn sji||p&n uucp snail t"Y lp nuucp daKnon 


lb fet the groups iu which a specific iwer is a member, use the 
command with the usct's name, such as as an argument. 


£ groups ua®r5 

atalf class sy^acimn 
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Restricting Access fo Dala in Fites 


Identifying a User Account 


You use the id «ommaod to further identify users by listing their UID 
number, user name, GID number, and gr#up name, Ihis information is 
useful when you are troubleshooting file access problem* for users. 

The id command h!m> returns the EUIB number and name, and the EG1D 
number and login n<ime. For example, if y*u logged in as user 1 and (hert 
used the su command lo become user4, the id command report* the 
information for the usex4 account. 


The command format /nr the id command is; 

id options l ±s*rn£u&£ 


To view your elYeclive user account* perform the command: 



S Id 

uid=101{userl) «idr3C3<€ia£S> 

To view account information for a spedfir ustr, a dser login name 
with the id command;.. 

S id vtserl 

uid-lDl (userl) gid=30D{cltiaa) 

jfc . : -• \ 

To view Irifornmh'iun alnutf the secondary groups of a user, use ihe a 
option and n user l#gln name, auch as userl: 

$ id -* uawj: 

uid-LOl y userif}.; &£d-3GO groupc=14(sY&a^rvir.) 

Changing FMe and Directory Ownership 


You might need to use the chown «ju\mand to change the ocigmnl owiner 
•f a file or dinectOiv to another user account on the syshm By default 
only the root user can change the ownership of a file or directory. 



Note - Regular u*ers can be given pcrnussfon to u*e the chown command 
to change the ownership of files and directories owned by them, Edit the 
/etc/sy^t«n file, mid add the parameter: seL xs^cihni<Ti-0 (zeroJ. Y#u 
need to reboot the system for the changes tm take e/fecL 
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R estricti ng Acce ss to F ata in Fite s _ _ _ 

3'he command format for the chc-wn command is: 
chown cpzio; i(bJ filcnana (s) 

or 

chov^i optimist V1D fiicjysnm'sj 



Note —The user must exist in the ;: passr*-^ fik 


In this example/ a user mmed us^rl created a file called i ile7, 


* cd /cecport/bcrae/ussrl 
tl£ -1 fil#7 

-rw-r — r- 1 user 1 szaff 


£72 "un,! las 11 file 7 


8= : .. 

.. I 


You can use the cirsrwr.command to give owntfehip of tfiH filfc to a new 
user named U3er2. You use the is command %o verify the new 
ownership* & 

III. 


Stat 



£?2 Jun 1 15t 12 


file? 


tt chown \i3«r2 file7 
# Is -1 fu#7 

rw-r—r— 1 j^erZ 

a 

? • !j| 

A/te&thi# sequence oi' oirnmands. thi' lile is owiMd by user2. This rfile is 
still kithe r.orvz directory SPEaerL The hv# users need t» determine if the 
file should be moved loa new diied#/y location. 


Th& Qv\TiersKj^t|&f subdirectories cun be changed In the same manner as 
file^/ as shown in the following examples: 


In this example, us^rl owns a directory called <LLr4- 

$ If -1R dir* 

dird: 

total 0 


-r*r r- —it— 

1 ^=r\ 

staff 

0 

Rtor 

19 

15:05 

filel 

-rw-r--r— 

1 jserl 


0 

mt 

19 

15:0$ 

tile2 

-xw ^ — r — 

1 user! 

otaff 

0 

14ir 

19 

o 

. i 

Iile?3 


$ 
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Restricting Access to Data in Files 


You would use the chjcfc*acommand with the -R option to give ownership 
of this dinMory ond all of its contents (files and subdirt'ctorres) to user 2 - 


$ chown -R us ex 2 d£r 4 
$ Is - 1 R dir 4 

dir 4 1 
ratal 0 

-rw-r—r— 1 user* staff 

r* T -r - - r - - 1 -j^er2 Sia.ff 

-t\v-.3r--r— i user2 scatf 

$ 


0 Mar 1? 16:06 filel 
0 Mar 1? 16:06 file2 
0 Mar 19 16:06 fileJ 


The -R option make* the chcv/n command recursive. It descends through 
the directory and any Rubdi rectories setting the ♦fcner^hip UID number 
as it moves through ttie dicectorv hiararchv. 

The command can alzm change both the individual and grwp 

enmerehip of a (ileor HihdirectaysnnuiLinsR^ly- 


$ chrmn user3^class til«2 


Additionally, you can use the -r option to dracvndsa directory hierarchy 
recursively, changing individual and group ownership of the directory 
<*nd its contents frimuifaneously. Thefol awing example demoARLiYitos thi* 
kind of i luinge to the dtrT dm-iLtftty. 




-pw-jr^-T — 1 usor3 


1 ue^rl cla r J-.- 

1 usar3 z Lar.r. 


0 Mar 1? 16:19 filel 
0 Meut 1“ 16:19 file2 
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Restri cti ng Access t « Dat a In Files 


Changing File and Directory Group Membership 

Th«e ch^XT* c«mmorul can be used by the uwr or tlte filers owner t# 
change the group «wnersliip «f files ond directories to anotlier group on 
the system. However, the file *w7U?r must also belong to the new group 


Note - Regular u$i>r*> can be given permission to uae thv chgx^ command 
to change a file's or directory's group ownership to groups of wltitfll the 
astir is not a member. Edit the /ebc/B'y'stsrn file, and add a parameter; 
set rstcli^ii-v (&eio). V®u must neboot the system for the changes to 
lake effect 


I he command format for the c*hfrp command i*: 
chgrfr ^•upna>T5€ is) 

Of" 

chgrp U2 flleriwsm '«?/ 





Note - The garoi^T,.*^! must east in ilie etc jl .up file. 


‘ i ■ sw» • i 

For wifcggle, the £i e file currently Is a member of a group named 
staff, r 


# la -1 file4 

-Tv-r-rf-r— 1 -sen 


staff 


,674 Jun I 15: OS tile4 


- • /You wotj^yftjjrhe chflxp command to give this file to a new group 
ncimed ci^^Bhd une the Is c^mmnnd to verify the new group 
owneiship- 


# cbgrp class f 11*4 

# Is -1 file4 

-n^^-r— i u **il class 874 dun 1 15:09 fil^4 

# 


When you are finished, all users who one members of the group called 
class have nead and write access to this hie. 
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Restricting Access loOaiain Fires 


Using File Permissions 

Three types, of specie'll permissions are available for CkOcutrtble files and 
directories. These are: 

• The z'.ez'LLo, permission 

• The sebgid permission 

• The Sticky Pit j^nj\issiof\ 

The sc-uid Permission on Executable Files 

When the set-user identification tsetuid) permission is set on art 
oxHeutciblf file, a user or process that runs this exeeutobh' file is granted 
access based on the owner of the file (usuailv the root user)/ instead o( on 
who started the executable. 

This ^tting allows a .user to ettvess files and directories that are typically 
accessible only by the o&vner of the executable. Note that many executable 
programs must be run by the root user, or by sys or bin to work 
pnopedy. 

Use the lc command lo check the g^tv<id permission. 

^ Is -1 /uJr/ixin/su 

r ar-Kr-w 1 r*c-t sys 22292 Jan 17:49 /usr/bin/su 

The s ecu id permission displays as an "s" in the owner's execute Jicld. 



Note - If a capital appears in the owner's execute field/ it indicates 
that the seL_idbit is on, and the execute Ht "x” fox the owner of the file 
is off or denied. 


i h> tcjstZ user And the owner can set the setuid permissions- on an 
executable file by using the *;hrnod cornnreund and the octal value 4 1^4. 


For example: 

?f chrood 4555 aMecuca&le film 


Except fox th»se sc^uid executable files that by default in the Solaris 
OE, v#u should disallow the use of setuid programs or at leasl cesfiiit 
their use. 
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Restricting Access lo Data in Files 


To search for files with setuidpermissions and to display their full path 
names, perform the command: 

♦ find / -r^D -auqo 


The setgid Permission on Executable Files 


The set-group identification (netgid) permission is similar to tins setuid 
permibbion, extepl th/it when tlie process runs, it runs as if it wen; t* 
member of the aiime group in which the file is a member. Also, jiceesa is 
granted ba.sed on the permissions assigned tu that group 


For example, the write program has a setgid p^Eiro^sion that allow* 
usees to send irtes&agjto t© other users' termitvils. 


Use the is command to check the permission. 

■ 

l Is -1 Aiar/ijdnJvtrLt* 

-r-x?-zr-x 1 roo- tty m 1J0H4 Jar. 15 17;55||px/bin/Mrite 

The set^id permission displays as an in die group* execute field 



Mote - If d lowercase letter u l^£ppe$re in the group's execute fields it 
indicates lh; tthf setgidbit is on, and the execute bit for Ihe group i* off 
or demtkiTtliiy indicates that mandatory file and record locking occurs 
during file ftfce^for those programs float are written to request locking. 


i The rocc user and the owner can ^et se ter id permissions on an 
executable file by ufring tlue chi i*4 command and the octal value 2# ##. 
Here is the command-line format 


* chnud 2555 ffl®cueaW©_£tle 


The se^~sid Permission on Directories 

The Kecgid pt-mufisiofi is a u^"iul feature for creating shared dimlurir*. 

When a ssittid permiirsinn if.. applied to a director}? files crtvilcd in the 
directory belong tlie group of which the directory ib a member. 

For example, if a user Inin write permission in the directory md creates a 
file there:, ihut fiJe is ft member of the same group as the directory »nd not 
the uber's group. 
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Restricting Access to Data in Files 


To create a shared directory, you must set the bit using symbolic 

mode. Here is the format for that m»de: 

# cbrood 

To search for files with se^fid permissions ajid display Ih^it full path 
naniey, perform the command; 

# find / -p«na -2000 


Sticky Bit Permission on Public Directories 


The Sticky lit is a spec.al peiniissibn that protp^the files within a 
publicly writable directory. 


If the directory permissions have the Sticky' Bit set., 'a file can be deleted 
only by the owner of the file, the owner of the di rt^toiy, or by the root 
user. This prevents a user from dele^fig ether users't^Mfc frem publicly 
writable directories. 


: la ro *■ 


Use the . 
permission sef;f 


7T Is -Id /cur 1 
ibritfxiTwxxv/t 5 root 




and to determine i#a director/ ha&the Sticky Hit 


713 mr 31 03:304= /t*v 


Ihe Sticky fcit displays as the tetter "t" in the execute field for otlw. 



Kote a capital v r appears in the execute field for other, it indicates 
that the Stick v lit is on; however, the execute bit is off or denied. 

is s -—■»— ---—-- 

H | 

The and the •wner can set the Sticky fiit permission on 

directories by usiii£ the cbrr^d command and the octal value 1 ft th I lere 
is the command-line format: 


4 chnvod 1777 public—disr&ctozy 
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Raveling Access lo Oatain F iles 


t fittd / 



Hi ecarch fer directories tl\M have Sticky U it permissions and display I hoi r 
full path name*, execute the following command: 

-type d -p*rai -1000 


Note - For more detailed information on theSdcky B& execute the 
st.cky command. 
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Performing the Exercises 


Performing the Exercises 

You h«w |he option to complete any *nc of three versions of a lab. To 

decide which t# choose, consult the following descriptions of the li'velS: 

• Level 1 Tltis version oi the lab provides the least amount of 
guidance. Each bulleted paragraph provides a task description* but 
you must dele«niiiE> your own way accomplishing *±Kh task 

• Level 2 - This version of the lab provides mo to guidance Although 
each step describes what you should do, you must determine the 
commands (and options} to input. 

• Level 3 Mite version of the lab is the easiest to accomplish because 
each step provides exactly what you should input k> the astern. This 
level ako includes the task solutions for all three levels. 
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Exerci se: Restr icti ng Access t o lata on Sys tems (Le vel 1 )_ 


Exercise: Restricting Access to Data on Systems (Level 1) 

In this exercise., voli complete the following tasks: 

• Practice using commands related to user identity and hi* ownership 

• Assign a user to the s^acfc&n group 

• Assign social hie peimissiorvs to files 


Preparation 


Refer to lecture notes as necessary to perform the stejss listed. 


Tasks 




Com Icte the following Jssks: 

• Using the rominifmdh -^rcz^ ted in thfftH tm'e, identify the groups of 

which ixzcz j$ <i member. I'ornpave the§tji-ut from these commands. 
Add a us*?r cKccAint called user 11 witltw usera^d command 
Verify the list of groups of which mx*rl l is a member Use the 
5oLarLs Manageme t Console to create a new user account called 
UG€.-rl2. Add ustirll to the group- 

(Steps 1-7 ui the Level 2 lab) 

• Lpg in as ^s^rll and create a new file called filel. Attempt to 
change i tst t?er ownership. Record en*r merges €hang the group 
owhig^hip of tilel to sysadJuizv Switch the user identity to the 

rcct’^CJ*, find change ownership o/filel to usoil2. 

iStcpe 8-11 inthcLcvsl 2 lab) 

As user'll# create a new hie calle iile2. Set setuid and setoid 
permissions on 1-1*2 Kmov* ail «*ec\xt*> pemuss ions from 
Reccttd the permissions listed you change them. 

(Steps 12-15 in the LlwcI 2 Icib) 


11-4* 


Inlsrinedlale System Administration for tho Solaris™ 3 •grating Envir«nm*ni 
Copy*ghl 5013 Sun Vic-'osyfclwiiK Jnc.AII Rlphla Reserved. S 1*1 Services. Ravkikm K 2 









Exercise Resecting Access to Data on Systems (Level 1} 


• Record the permissions aaodated with the /tap diiy* toiy* As 
-user!-, creole a new file called tescl in the /top directory, As 
ucerl2i alU’mpt Id remove this file- Record the result As userll, 
c reale a ]lew directory called dirl in /eo^rr/norae/ userl-, Sd 
permissions for the dirl directory to 777. Create a file called teszl 
in the dirl directory, As userl2 attempt lo remove this file. Record 
the result, Log in agnin as the ro#t user. 

(Slops 16-21 in the LovcJ 2 lnf>) 
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E xercise: Restricting Acces s to lata on Systems (Level 2 )_ 

Exercise: Restricting Access to Data on Systems (Level 2) 

In this exercise, you complete the following tasks: 

• Practice using commttcids related to user identity and file ownership 

• Assign a user to the sy^a^min group 

• Assign spec^l file permissions to files 


Preparation 


Refer to lecture notes as necessary lo perform the steps listed. 


Task Summary 


In this exercise, yu accdhiplisli^hc following: 

'"y - 

• Using the commands groups, i< and lL ei, identify the groups of 
which the no#t user is a memker. Compare the o^t|yit from these 
commands. Add a user account -called u&erl.l vHi-ii the useradd 
command. Verify the list of grange «f whie& user-11 is <1 member- 
Lse the Solaris Management Console to ccedtc a nevi ? user account 

IS : tailed' User|2. Add user 11 to tire ^ysadn:i:s group. 

• Log in^fj.^ill and create a new file called si lei. At:empt to 
changelljftiser own«fthip. Record eiror messages. ChaAge the group 
OwneSi^^filel to s\«adrrjLo. Switch your user identity to the 
rx;#t uate^: £rtd change o^vj^rship «f fil^l to user-12. 

• As user".*; create a new file called £11^2. Use the cbmod clmmand 
to set set^d and seegid permissions on file2. LTsethe cbcuod 


command K> remove all execute permissions f»m file2. R<>c#rd the 
permissions listed as you change them. 


Reccncl the permissions associated with the /trap directory. As 
userll, create a new file called t-^stl in the /ticip directory. A& 
user 12, ntiecnpt to remove this file, Recond die result, As ui^r-ll, 
create n now directory called dirl in A-ccport/lTO^^e/userll, Set 
pc mil sfjnns for Lhc dir-l directory to 777. Create a file called Ccst2 
in tlie dirl directory. As user-12 nt:empt to remove this file. Record 
die result. Leg in again as the - out user. 
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Exercise: Restricting Access to Data on Systems (Level 2) 


Tasks 




Complete the f©Mowing steps: 

1. Log in as the root user, and open a terminal window. L'se the 
groups command io dLsjiay the groups of which root is a member. 
Record the list thai the troupe command display’s. 

2. Use the ic. command both without and then with the -a optioxv 

•oes the id command report the primary or a secondary group for 
the root user? 

Compare the id -a command output with that from the groups 
command in Step I . What additional information does the id -a 
Command provide? 

3. Use the useradd command to create a new user account called 
U3erll with the following characteristics: 

User Name: ustrll 

: -v-i ^ 



LserlD: 


Primary Group: 1L 

Login Shell: ■. 


II JHoinc: Directory: /expor t /homo /user 11 





zk gj^ien a terminal window, and launch the Solaris Management 

C#iis©le, 
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Ex cise: R esld ctins Acc ess t o Data o n Sys tems (L e^l 2} 


11-*8 


6. •fmn the User Accounts tool. Select Add Ua*v from the Action 
menu. Then select Fr*m Template. Create a user account from the 
following informati#n. Exit the Solaris Management Console when 
you are finislvedL 

User Name: us&rl2 

User ID: 1C12 

Password: 123pa=& 

7. l : rom a terminal window, use the usermod command to add us- 2 rll 
to group 14. Verify that the change took pLicu. L*g out. 

&. Log in as userlk Open a terminal winder and U-^e th? touch 
command t* create a EIl; called ti Id, Verity- thatttserd and the 
group frUiff own ffilel. "& 

Attempt to cltangc the owner of f i 1#1 from u»e-rll to uaerl2_ 
What error corsage displays? 

It. Attempt to chimgc the group owm^ip of file? l frtfm a.af £ to 

syscidnd n. Vfcgafy ihc change, Did it wlf^k? 

*• 

11. Switch your user identity *o the root user, and change Che directory 
to / 44xpcvrt^hano us#t 11. Change the owner of f i lei from vserll 
to uaerl2. Verify the change. Did «t w#rk? Exit vour su session when 
Vouare hnSSied. 

fe, '■ 

12. here.e directory for riser 11, use the touch command t<> Create a 

file catted file2. Display and record the permissions associated with 

13. Use the ch$K.d command t» add eetuid and execute permissions to 
fi PispJay curd record the purntissirms associated with fi le2. 
What changed? 

1-L Use Ihe crj»od command to add aexrdd and set^id permisions to 

iil«2. Display and nxord the permissions associate*'J with * il^2. 
What changed? 

15 Use th-e chtrodcommand writh a*ta3 arguments to remove all esoecute 
permjSiians from £ i le2. display and Tecurd the pctmi s^dons 
associated with £11 «2, VVhat changed? 

16. Oiangg the director* to / (root), and li*t the pennis6iont< associated 
with Lho - t-^np directory. Is the Sticky Bit set on /atx:? ®o nil users 

hwe write pernit^ion in the / directory? 


htem^^ledy^EemAifministiBtonlormdSotaos^dOparaling Efivrirmenl 
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Exercise Restricting Access to Date on Systems (Level 2) 


17. Change the directory In Create a file called cescl in tl>e 
directory Verify thal userll and the group staff own cesll and 
that 644 (r* x r ) permiaanns apply. Wo they? 

18. Switch your u$er identiy lo user 12. In the /tnp directory, attompl 
to remove the teistl file. What messages appear? Exit your bu 
session u>hen you are freshed. 

19. In tie home directory for ^serli, create a directory called dirl. 
Change permissions fertile dirl directory lo 777. Create a file called 
test2 below the dir 2 directory. 

20. Switch your user identity to Attempt to remove the- file 

from the dirl directory. Verify that^iie tes^ file no longer 
exists. JKxil your su session when you are finished. 


21. l>#g out and log in again as the root user. 
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Exerc ise: R est net a~tg Acce ss to Data on System s (Le vel 3) __ _ 

Exercise: Restricting Access to Data on Systems (Level 3) 
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In this exercise, you •ompJHe the failDwing tasks: 

• Practice u^ing commands related to user identty and file ownership 

• Assign a usor to the syGacnvin group 

• Assign speca! file permissions to files 


Preparation 


Refer to lecture notes as necessary ft) Perform the step* lisUxE. 


Task Summary 

In this exercise you accomplish the following; 

• Usi g the commands groups, id, and id -a, identify the groups of 
which the roo" user is a inner. Compare t e output from these 
commands. Add a user account called $%erll by using the useracW 
command. Verify the list of groups of whft-h. user11 is a member, 

U 6e the Solaris Mnnageiment Console a new user account 

,£■ called ^se&i2. Add userll to the sysadmin gruup. 

||iog i n as ua«i JI and create a new hie cailed filcl. Attempt to 
. :;: dbiinge its user ownership. Record error menages. Change the group 
ownership of li .el to sysaa.Tiin. Switch your user identity to tire 
h ros>t user, and change ownership d f ilel to user 12. 

m As u&srll, Create a new file called file2. Use the chtnoc command 
to set setuid and seegi^ permissions on f ile2. Use the chm#d 
amunand to remove all execute permissions horn file2, Rrcofd tlw 
pfTrrv^ivins listed as you change them. 

• Record the permissions a^odahed with the /zzrp directory.. As 

userlU create n new file cailed te&tl in the directory; As 

userl2j attempt lo remote this hie, Reeerd the result. As user 11, 
ervate a new directory called cdrlin /expori/hooeygcerll.S«t 
permissions for the dirl direeftry to 777. Create a file called test;2 
in the dirl directory. As attempt to remove this file. Record 

Uv s result. Log in again as the t-z~ usex- 
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Exercise: Restricting Access to D^ta on Systems (Lever 3) 


Tasks and Solutions 


t* groups 


4 id 


4 id - < 


Complete the ful .owing steps: 

1. Lag in as the root user, and open a terminal windrw. Use die 
groups command to display the groups of which root is a member. 
Record the list that die gr oups cimmand displays. 

ether root bin sys adm uucp nail tty lp r.uucp 
da^nen 

2. Use the id command bath without and dien with die -a Option. 


•ocs the -id tx>mrruint1 report the primary cr a secondary group for 
the root user? 


Tfy id command reports the pritunnf-grotigi. 


Compare jpe id command output with-ihat fif^i'the groups 
cotmtuinifip Step 1. What additional information doe* the id -a 
comma nd : prov hie ? 

7 jV id inwnmemd refits grtup 19 numbers in addition to gjvuv 
nomrs tt 1 '- II groups. 

3. Use the user add commMid to create a new user called usoril with 

the fallowing cfia^J^risEie^: ■. 


m 


User Name: 

userll 

User ID* 

1C11 

Primary Grp up: 

:o 

Login Shell: 

K^rn 

Home Directory: 

/ 

Comment: 

S&2 3S : 

Posswcird: 

lz^pas: 


# useradd -\i lGll -g 10 -d /esportVhome/us«rll 

user" userll 

64 Hacks 

V Paaswd uaexll 

Nftiv passuvr i 123paSB 


-m -s /hin/kah -c "SA23* 


Psrformjng system Se^riiy 

Co^yrilhi 2003 Sun Micrgs.>-Gierns. Inc. A:l Reserved. Stei Servite^ Aevlsfcn A.2 


11-51 





Exercis e: Restin g Ac cess K>PaO on Syste ms (Level 3 ) 


^e-euter new I23ta»t 

#*ss»d successfully chaj>ged f£?r u^rll 

it 


i. List the groups of which userll is a member. 

4r id -a user 11 


staff 

5. Open a lenniiml window, and run the Solaris Management Consol ia 

■U hhuc t 


b. #pen the L*er Account* t**l. Select Add User i'r*m the Action 
menu.Then select With "template. Create a user account from thn 
following Information. Exit the Solaiis Management Console when 
you ace finished. 


User Name: userl2 

User ID: !Cl2 

P«L«5WOrtl: 123pa3ft 


7. From a terminal wlndmn^ i*o*the ucerrcod command to add uAarl * 
to group 14. Vehfy that the change tcx>k place. Log uut 

# usexntod -G 14 user 11 
it id -& uiierll 

' ' « * 

S. L*g jri&uriieii J L Opon a terminal window/ and use the touch 
command to create n Ale c^Jled^i 1 el. Verify thnt useril and llv 
group &ta£fi own £11*1. 

$ touch filfil 
$ Is -1 filei 


9. AttM^g Jgf change the owner of file! /nun use*ll to ugerl2. 
What ent>r menage appears? 


$ dKM& user]! £LLe) 
clx**'- filel: 04T12T 

10. Attempt to change the group ownership of t ilel from *taft to 
sysadmin. Verify the change. Did it work? 

$ ehgrp sysadmin fil#l 
$ 1 b -1 £±1»1 


Yes, 


IhSfc 
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Exercise: Restricting Access to Data on Systems (Level 3) 


11. Switch your user identity to the rooc user, and change the directory 
to /export/h*ne/userll. Change the owner of rilelfr*n*\ userll 
to userl2. Verify the cliange. Did it work? Exit your a u session when 
you are finished. 


$ 6U - 

Facsv^orilr cangetin 
ft P'wd 

/ 

# cd /expore/hooie/usarll 

# chcwn U 0 erl 2 filel 
it Is -1 

-rw-r-r- 1 userl2 sysal.mn 0 Apr 17 

# RX~j t 


2002 filel 


** . I W 

12. In the h«ne direcfcry for user 11, use the teuch command to create a 
file called file2. Display and record the permissfeons associated witli 


S touch fil©2 
$ 1ft -1 files 


13. 


The pen) ussiot r? £i 1^:2 sfinuhl read xv,- x r. 

Use the crimed command tolS^& fiwtuid and execute percussions to 
iil^2. DispLw and record the pei-missions associated with f -i le2. 


$ chnod 45$5 flle2 
$ Is -1 «. 1*2 


What changed ? 

If! 


.c 


,o 


Tin permissionsjvr :ile2 would read -r-sr-xr-x. 

gg Li. Use the d line 4 command t* add setuia and sctc/iit permissions to 
file2. Display and record the permissions associated with file2. 
What changed? 

$ chmod 6555 file? 

S Is -1 £il*2 


The permissions f*r file2 should mud -r-sr-sr-x, 

15. Use the drraod command with octal arguments t* remove all execute 
permissions from f ile2. Display and record the permissions 
associated with H.*e2. What changed? 

$ ohuvod 6444 file? 

S Is -1 £11*2 

'die permission* for file2 should mid -r-or-lr—. 
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Exer cise: Restrict r\§ A ccgscloD ala on Sy stems (Le vel 3) 


1*. Change the tfuvctory to / (roof), and list the pemussinns as«#ciahfd 
vinth the rnp directory. Is the Sticky Bit set an the /cap directory? 
Do all U 9 et* have vvriLc perrru^km in /t np? 

$ ed / 

$ le -Id tap 

Ves io both. 

1?- Change the directory to /t j:p. Create a file called tesirl in the /U^p 
directory. Verify tKeit usoill and the group staff own teetl wind 
that 644 (rw-r—r—) permissions apply. Wo they? 

$ c4 tmv 
$ touch testl 
$ Is -1 taetl 


Yes. 


18. Switch yotir user identity to \isczl2. In the / tip dbvrtnry, attempt 
to remove the _esLl file, What cne^agcs app«u? Exit vour xn 
session when you arc finished. 


$ 9 U userl 2 

FdSSf%Jord - 1-?3pass 
$ m t«stl 

rsm Tie-stl: override ct.ecci.on 644 (yeas/n 
rmi cestl not renv^^ed; P^rjiL-asion^^ifeni-ed 



$ oati t 

$ 




W 


19. In thtr- h#r\£directory for ^ecll, create a directory called t.i rt. 


Chnn^e permissions for the :Url directory to 777. Create a file culled 
cest2 helow the dirl director^ 


cd 

mkriiir clixl 
chtttod 777 dirl 
touch dirl/t«st2 


30. Svitvh your user identity to userlJL Attempt to remove the file 

hum the dirl directory, \feriir that the rests file no longer 
exist*. Exit you/ fiu 5C£f>on when you are finish* aJL 

$ su userl2 

123pass 

£ rm dirl/to£t 2 

5 Is -1 dirl 

6 «cit 

$ 

21. Uig out/ and log in again as the rsotuser. 
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Exercise Summary 


Exercise Summary 



Discus&i’on - Take a few minute* to discuss what experiences issues or 
discoveries you hud during the k.b exencis«s. 


• Experiences 

• Interpretations 

• O^nclti^ns 

• Applications 
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Module 12 


Configuring Printer Services 


Objectives 


Upon completion of this module, you shauid^be afefc tea 
a Identify network printing fundamentals 

a Configure printer services 

a Ad minister printer services 
a Start and stap the line piinter {LP) print service 

K* 

The following course map shows hovV this module fite into the current 
instmctianal gaaL 

Managing Network Printers and System Processes 


Sf£ 



ConfigRi^ 

PWll 

ServiffH 


' ■ ! ■ ! ■"■ ! ■ ! ■ ! - ! ■ ! -!■ ! J ! - ! - *! 4- ! - w fej^ ! -W- ! - ! -U ^ ~ hShM' S 

Figure 12-1 Course Map 
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Introducing Net work Printing Fu ndamentals 


Introducing Network Printing Fundamentals 

The Solaris 1 ™ Operating Hm jrorxm^nt (Solaris•£) IP print i*ni#e 
provides a complete printing environment that allows the sliaring d 
printeis across systems and a set of software utilities that enable u&ers to 
print files while they continue lu work on other tasks. 


Print ManagementTools 


The LP print service software contains the following components tor the 
set up and administrat cm of printers j n tJte SolariSjOE: 

• Solaris OE Print MnrWger - A graphical user iriteface (CLt) that 
prov ides the ability to configure and manage printed 

• LPpiinl service commands - Acwmmand-lfne rnlecfncv that 
cmxfigutc* nnd manages printers*. these ccanmands also provide 
functionality not available in the ether print management tooh^ 


Client-Server Model 


V 


The Solaris Ot punt smice is hsplcmented in a client-server model. 


Print Server 




A print seiner is uny system tliat is configured to manage a printer 
directly it or that is ctft-ached to tlie network. Tile print server 

shakes the priinjiqp available to other systems on the network and 
V pr*vide$ ^pdOhqj5 for the client's print requests. 


Print Client 


A prim client is a system that sends print requests; to a print server. 
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Introducing Network Printing Fundamentals 


Types of Printer Configurations 


As a s\^stcm <Klmi/\istrator, you must configure printers so that user?; have 
access (• one «r more printer^. 

You should distribute printers over several print servers. if one print 
server becon^ unavailable/ print requests can be quickly and easily 
routed to other print servers on the network. 

The Solans OE supports toc&Jr network, and remote printer 

<\mfjgurations. 

Local Printer 



A Jocfll printer is physicaDy ooimccicd k> ^system and is accessed trom 
that system. 

Network Printer 

A network printer is physically attached io the network and has its own 
hostname aendliuemel lYuiocol ilPj address. A network printer provides 
print services ta client* but is not dhsecLly^v^n^ded to a print server. 




A remote printer is one th^t use rsaccew stover the network, that is. a 
printer that is either physicalW cannected to a remote system or 
physically attached to the network. 
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intro ducing Network Prinfttg Fundamentals 


T2-4 


Figure 12-2 shows the concept oH^oa!, network, and remote printers. 


Prrrtl Clients 





Figure 12-2 Local, Nietwork, and Remote Tracers 

nMj & 

The prinfc>r n^med connected to ihn system named hcsul, is a 

loccil printer for any user logged pn lo that system. 

-The printer nanufl piHnterU isa network piinter that is controlled by the 
pffiftt server, Tliis is n network pc .ntcr f*r any users logged in on 

hi%11, hbs t2 T »s 13■ u r 'r.o a 14* 

For users whoare logged m to hosr2, h*st3, or host4, both frrinterA 
and printers can be accessed as remote printed 
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Introducing Network Printing Fundamentals 


Basic Functions of the Solaris OE LP Print Service 


lasic functions of theSolnris OE LP print service include initialization, 
queuing, tracking, fault notification, and filtering. 


Initialization 

The Solans OE LF print service initializer a printer prior to sending it a 
print request. The initialization function ensures that the printer is in a 
known state. 


Queuini 

J he Solans #E LP print service queuesrequests. The queuing 
function sdicdules the print l^queafeg tTp.1 ate- waiting to ho sent to the 
prill ter. 


m 


Tracking 

The Solaris OB^p print service tracks t^^status of ^erv print request. 
The tracking function enables the rex:" u,"s*r t^ manage all of the requests 
and typical user:-- to view or 'cancel their owti-requesis. This function also 
logs anv errors that have ■ccilrred duringThe printing process, 

:: A .fe x If O 


Fay II Notification 




The OE LF print seivice pr#vides fault nolifientitn if a problem 

occurs print seivice. The fault notification function prints an error 

message 'lftffcthfc console or bends an email b the r*coL user, depending «n 
how the sei, ice has been configured. 


Filtering 

Tlie Solaris OE LP print service provides filtering capabilities that convert 
print jobs to the appropriate type of file for the destination printer- 


LP Print Service Directory Structure 


The Solaris OELp print service induces?) director structure, fJes,. and 
l»gs. The ftJltwing section describes some of the mtre important 
component;; of this structure. 
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See Figvire 12-3 for an example of the Lp pimi service directory. 
Dynamo Spool, ny Araa Stifle Configuration A/ea 

^ (***> Q / (rootj 

PD 





■-4*1 tosjum-e 

I—Tl jy^ 1 ftm-JiMt 

P- irt - .'Oi f 

Ln 

HI *'/•'• 1 ttH-j:J jPh 

Jot* * 

Tftjtrvjit jcb t 



HIl ■%3dsl 

-0 • &.^an;iiicd 

—Qj netscanoard. 

4 > Ipihsa 


—T~T 5bin 

H3 n 

i-n 

-T] -p 

—T~1 pr-n-er^ 

T~l p rin tsfji title 
L—Q cc^figaraLlctt 

H!p * 

T--Q postpr inti fd 
— T ~1 inc*rf»c#l 

!_TJ printjtrnfiBe 

H-l ittttrs-nonr 


Figure 12*3 LP Pn nt S^vicc Pvrectary Smictuie 
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The /usr/hin Directory 

Hus directory contains the LP print service user commands, such as the 

lp, Ipse at/ and cancel commands. 

The /usr/sbin Directory 

This director)' contains the LP print service administrative commands, 
such as the ipusers, and lpahut commands. 

The /usr/chare/lib/terird.nf* Directory 

Tliis di rectory contains the tentvir.f* database directories, which describe 
the capabilities o i printers and terminals. 

The /usr/lib/lp Directory 

This directory comLai^j-fv {Lpschcd daemon, binary files 'ft^E&the LPprinL 
sendee lls**, PostScript™ fil 4er$,*md standard printer interlace programs. 
Two important subdirectories in the Ip director)' are thexrcde i 

and Postscript directories* 

The /usr/lib/lp/To#del Directory 

•si ^ 

This diredury contains tw# default ^nier interface programs or shell 
scripts, called the standard and the nerstandard Scripts, 

The ee^naard script supports local printos. For sample, when a print 
request is queued f*r printing, tile print service runs the printer's 
£Cfi_^darri script toj 

• Initialize ihe printer port, \i necessary 

« Initialise the actual printer using the terming database to find the 

appropriate c«ntr+] s^uenccs 

• Prints banner pi*ge, if oetcs&ry 

• Print iho correct number of copies, as specified by the user's print 
request 


Ccniigurini Printer Services 

C«iy«Ssit COQ3 $UPfc1IC<Wfaa«&.J(E. M**tfX* 
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The rtscsL^rviard script specifically supports network printers. It colkite 
the spooler and print database information needed to perl Orm network 
printing and passes the information to a print output module. Th*ms~pr 
module operas the network connection to the printer and Sends the data k> 
the printer. 




Note - The ndcpr module is located in the /us i 1 lb 1 r./ezz. directory. 


Hie ret” user ran modify any printer's interface script. For example, to 
turn oil the printing ®f a banner pivge, edit the 

/e t c/1 p/’interfaces/»rinC£r_r;arTje- f:le on tine prjucit server. Change ihe 
NObanner lirte! fr*m: 


rKrbrirriipr^ “tic * 


1 


n::b^nrer=*yOfc" 

1 

The ,'usr/lib/Xp/t:«stscript Director^ 

I his directory contains all PostScript filter programs provided by tfus 
Solaris 0£ LP piint service. 


Print filters are programs that lht> print yeiver uses to convert the 
L'ontvnt type of a queued print request fr#m one format to another format 
that is acceptable in tlie destination pr inter. 


The PostScript print filters in 'hxfr directoiy handle: many situations in 
which the printer requires the con lent of files to bein PostScript fonBfiL 


these fillers have companion descriptor files in the /etc/lp/£d directors' 
that tell the LP print service the characteristics and itcalion #f the fillerSw 


The /ettr/lp Directory 

This directory contains- a hierarchy of LP server configuration dim.rturitfy 
and files. 

You can view Ihe contents of these configuration files. However, you 
Jahcruld not edii these fifes directly, lo make configuration changes, u$e tlu? 

lpad?t!_ii command or prinmgr Gl>T 
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There are three subdirectories in the /szc/lp director* tlxat arc important 
to printer configuration. Tht^e are the fa, interfacraa and printers 
directories. 

• The /etc/Ip/fd directory contains a set of print J'iltCr descriptor 
files. These files describe the characteristics of the filter and point to 
the actual filter program. 


Note - Tin* /etc p til- , lill_ e filt* contains a filter lookup hible- 



• The -^c/ lp/inter faces direcloiv contains each printer's interface 
script file. When a printer is configured, th&.pririt service places a 
copy of the appropriate default interface scrip! from the 
/u^r/lib/Ip/model directory into the 

.•■>t.c/ J.p/interfaced /pr-Lntemajre file. riable 

is the file (.Teated that contains Ihe n wly confi'gttred printer's ewri 
interface script. 

• The /=-zf lp/printers directoiy;coot<fins a *ub directory for each 
printer served by die system Each subdarectray ohU&re 
configuration information and alert Hies for an individual printor. 

For example, the configuration life for a punter named prinTer3 can 
contain the following iufi >rmatk*n: 


v cat /*tc/Ip/printers/printer®/ooiifiguratirQfi 

Banner: optional y; 

Content typhus 
9&vi cw; /onfv/null 

Interface^ ./uBr/llb/Ip/^^Eei/n tatfl-^.dard 

Printer tDfiij: £8 

t*kx±jies: 

Qpti#r)za! de«s=princ^fi,c.roto«ial^b®o 





The /var/spool/lpDirectory 

Tliis directory cxtntriitu; a list of current Quests that are in file print 
queue, 

'[ he pscr.ed daemon for each system keeps track of print requests in the 
following d i rectories: 

• /var/spccl/lp/ tup/sypteez-^dme 

• / var/^proi/ lp/requests /systma -zl=^ 


Contouring Printer Servl#©& 
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’With a local print request, the /var/apocl/lp/ljtip/.systeja-fajrie 
directory contains ont? file, and the 

/vcj:/spoo 1 / Ip/re^uests/ szsst&r.-narzc directory contains knottier file. 

With a remote print request* |h* /Var/^ro«l/:p/^-^/sysre 2 «- na^ 
directory contains two files, and the 

/var/spoc I / !p/rtrusses/jsyst^r.! 2:ane directory contains one file. 

•nhr the roc. «r Ip users can access the information in the 

/var/ £9001 / Ipy^^i^szs/sysn «directory. 

•nly the user who submittod the print request, the reeb user, or the ip 

user can aiA^ss the information in the /var.-* spool/ ip/ 

directory 

I hese files remain in their directories only as long dis the quest is in 

the queue:. After completing the print request, the pr:nt scroee vumkncs 
the Information in the files and appends it to tl ce 
.V-JT; lp/lc$s, r'erjvifStS file 

Note - The ■ vdi'/spc i _:.Ldirectory contains the clieni-*kte request 

sta^ln^ cin>a for the I.F print service. 


The /var/lp/Iogs Direc^ry 

I his directory contains «in ingoing history of print requests. The lag hie 

/v^r/Ip/lo$s/:rfiquss~& contains information about completed print 
requests II ml <\re no longer m the pi'Ini queue. 


The /usr / ehin/inetd Internet Service Daemon 

The Internet ser\ices daemon, ineb-1. is. the server process for many 
network services. lrk> usunllv started up at system boot time. 'I he daemon 
listens for *enice request* on the port* that fire associated with each of the 
services listed in rts configuration file, /eLo/inetd.ccnf. When a»tqust 
arrives, the ineid dai^nun executes the server program that is associated 
with the service Print servers listen for print requests wilh the inetd 
daemon, and upon hearing a request, start up the in. I^d daemon. 


NernrediaiftSy^ernAdminifiiration fey the Sotarfs"* ?C^»failng&^fiofirwent 

C*pyr1(pt2 D 80So n Mkir^^wDs. Inc. AJ< Rialia R©a»*v®d. Sup Serbia b. fl«wlsi«n AJ? 
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The /usr/1 ib/print/ in. lpd Program 


The ine-;d daemon star* the in. lpd program, sometimes referred t> as 
the protocol adapter. Ibe in. Ipd. program implements the network 
listening seryice for the print protocol. The print protocol provides a 
remote interface that enables systems to interact vdtha local spooling 
system. This protocol defines standard requests from tl\e print client to the 
print server, such as requests to start queue processhrg, to transfer print 
jobs, to retrieve print stalus, and to canoel pn'ntjobs. 


Upon the receipt of a connect request the in, lp-ti program starts, and 
Services the connection. The Lfx Ip* program closes the connection and 
exits after servicing the request- 

T he /usr / 1 ib / Ip / lps ched Da em& | 

Tire LP print service has a sched called ip.Gcr.ed. The 

scheduler daemon updates the LP sp^-em fil|||vith information c<bout 
pn'nter setup and configuration. It requests issued t» the 

svstctn bv the ).w and Ipr commands. 


Ihe Ipsched &$?&&& ^f^ules a l of the local print requests orb a print 
server. It also tn^k:?iho status of printers and filters on the pint server. 
When a pr inter finishes a request, the Ipsched daemon schedules the next 
request/ if U|g||; is one in the||ueue mi the print server. 

Each ini fierier has only one lpschec daemon running. It is 

staft^tteby theffcontrol script /'^-.h/ro3 ,d/S$0lp when the system is 
Vqotctffnr enters run level 2). the parent lpschod daemon spawns a 
\ b'C hUd^pscLed processes to service prinl jobs. 



Goniiguring hnnterSe/vfces 
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Solaris OE Printing Process 



Users submit prinl requite from prinl clients by using tho Ip or Jpr 
corn:n<-incis. 


Note - The Solaris OE Print Serwtee accepts both the System V Interface 
Definition (SVfD) / ^r/bin/Ip command and the Berkeley Software 
Distribution (BSD) /u^rvucto/lpr command to submit prinl requests. 


Users should use tliese commands to print text file* These commands do 
not prinl documents created in applications such as Frame Maker. Mo«t 
third-party applications require y#u to print from a selection menu within 
the application. J6,, 

The function of the lp and lpr commands is to queue print request f#r 
printing on a destination printer. 



Locating the Dest ination Printer 

( 




The Solaris LP print service check* several t to locate the 

destination printer fora print request. 





^8 m 
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Figure 12-4 Shows the resources diecked as it identifies the appropriate 
printer for a print request. 



^ Is the 
PKOJTEH 0 r LPPBST 
yerjeb-le set? 


*T Is the 
printer identified in tNS 

5 HDME., 1 r printers . 

file? X 


/ ig#e ... 

sprinter ide^.ed in the\ Ygb 


Ie Ihe printer 

i-d-entiii Erri in a name 

h. service? >. 


Is the printer 
name specified 
on the command line? 


res 


Mo y 


Yes 


Figure 12-4 Locating th£ Destination ] Vinter 


If the command line d*es not specify a named printer dcstinaiion, the 
user's shdJ environment is checked. 


Ctnf*g u ting Printer SerVrces 
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tfcu cm set the LRSST or P^^KT^K eminxvment variables to a default 
priniff name Ihe ip cuxjvjtwvJ checks Lf222T and then ?fcTXTCtt Tlie 
I pr command reverses the ixder when ^aar*hing for a printer. 


If neither variable specifics a n.flmed printer destination, then the Solaris 
•E LP print service checks for the variable named _«tefault in the 
following files: 

• The She!*12/ . pi a nte-rs file 

Users, can create their own .printers file in their home directory to 
set the default printer name. They $h#uld add tlie following line to 
the file: 

_d=fauit prinzarfiMw 

If the SHOIS/.printer? lile does not exist er dues not spedfy a 
printer name destination, then theSolaris#E LP print service checks 
the /erc/prInters .corn file. 

• Ihe ecc. pc _ri.ecut file 

Each entry in the /etc/pri^c^rSi.dor.f describes a printer 
destination. For o>tample, if hociil is tfck print server's name and 
printer A is die printer's name, the entrain this file appears us 
follows: 

_default:\ 

{jig : us eepx ino*rA: \ f •> 

pifintF=rA: \ & f V 

i badaddr^b*^£8 f princ<erAr safaris 
:description-psdflatezA 

m 5v 

If the w Ae fill i't variable is not set/ then the _ciefa\il t variable in the 
ttamt? service database* (for example, Network Information Service (Xlfc)) 
is checked. 

H 

• The printer*. cor, f .IMiar** file 


The printers «conf ,feynare fife is the NK version of the 
/a-c/printer*. conf file. In this case, tbe_defau It variable entry 
in tlie n.ime ^service txup called . byname defines tlie 

print seivcr nnd printer name destination/ 

_4ef aul t: hsdaddr=S<?rve.r^*a]£, Or in.temiiTn e : 


II the destination printer name cannot be located in any of these 
configuration rOfcouft VS, the print request cannot be complied 


12-14 


lrH 0 rm«niate sy$<etti Administration ter the Solaris 1 * 9 Coating Environment 
Ccfjyf^flNaaos *K. M SwoSarvteSv (Wimo A2 







Introducing Network Printing Fundamentals 


Note - The Inst three files described in the following paragraphs rely on 
the prints-a; entry in the NIS version of the /etc/ns&witch, ~or.f file. 


An example of the /etc/ns«v/3tch,conf file syntax is: 
primers: ussr files nis 
where: 

US£x v =r •vcdcs $KQME/ , pxd-Oters f: C 
f il«s = Checks /etc/printers . ccnf tile 
nis - Cheeks printers,C«m£ r Vy^arre fjj« 



comma i\d sends the request In the dromon. The lpscned 

daemon is also called the jjrint scheduler, | ‘y 




V 
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Figure 12-5 fciiow* the rote of the lpecr.eadaemca\ in the printing process 



Ip/ IpE ft*nds me truest Id ipaehmO. 


lpsebed Spools the print request 


IpBehed msilchesthe primer type arm 
the file pentent type 

lp»die4 identifies the declination Mrinlor* 
far the print client 


The interface pmpaih 
dowrrioads me life HUto cwlnn&r 


DdojPTffnll 


Lpschad iiat-te, ihe 
pftrtltr'i irtjfttlc.i-je program 


Figure 12^ Local Printing IWs 


The Fsches daemon matches the printer type and identities the default 
printer for the system. It then filters the print job- 

The l»sch“d daemon ket*ps> track of print requests in th^* following 
directories: 

• /var/^pool/lp/rariuests/systcr:; n^rje 

• /var/£fx~r;1 / j p/trflp/ gys cai?LJiarr.i£ 
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If the printer is free, the lpach^d daemon starts the printer's interface 
program. The interface program performs the following function*: 

• Initializes the printer port 

• Initializes the printer 

• Prints the banner page 

• Prints the conned number of file ctpies 

• Sends any tau)t n#hiieati#ns 


Remote Print Process 

When a user submits a print request to a remote printer, the Ip or Ipr 
command sends the print request direct^ to the pnnt server. 

Iho print stiver processes the punt request and sends the print request to 
the destination printer to be printed. 
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Figure 12-6 shows a remote prinl jvqtiest submitted from a print client to 
a print s-eivei* in the Solaris OE. 



I^gure 12-6 Solaris OE Remote Minting 

if 


I The rlliT S g y ii'it command communicates directly with the print service 
on the servetJo transfer a print reqm^t to the printer. 

The piint server listens for print requests with the Internet service*; 
daemon inet£, When the In end daemon hears a request for a piint 
service on the network, it ftUnto the in.Ipdiprogram. The in. led 
program is also called the print pnrtoeol adapter. The la. ipa piogram 
stnrl* on demand and exits \rhen the network request finishes. 

l he print protocol adapter translates the print request •omxnunicafcesit to 
the print spooler, and returns the results to the print mquoJer. 

Hie print proceed adap t# contacts the lpsehed<laem*zt to ftMrt the 
printer's inter/ace program and to transfer the prim request to the 
destination printer 
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Configuring Primer Services 


Configuring printer services in the Solaris OE involves a number of key 
tas s. Table 12-1 shows these tasks. 



Table 12-1 Main Tasks for Configuring Printer Services 


Tasks 

Description 

Setting up the 
printer 

Physically connecting die printer io a System or 
the network 

Setting up the 
print server 

Configuring Out system J^pt te. to manage and 
provide access to the printer 

Setting up the 
print client 

Configuring the system to access a remote printer 

|. 

Verifying printer 
access 

Clicking that the print serverrecognizes all print 
dieids and that«ach piinl client recognizes the 
printiseryer 


%. Ill % 


Note- When a network oi systems temot running a name service, such as 
NtS, enter each pr:nt server^ host name and IP address in the 

/ineb»^||tets file cn tire print client when you are setting up tin? 
giilfchter se "vices. 


Identifying Print Server Requirements 

m | 

Any systeni cn the network can be a print server if it has Ihe resources lo 
manage fhAprii tii.g load/ such as spooling space and memory. 


Spooling Space 

The spooling space is the amount of disk space that is used lo store and 
process print requests. Spooling space is die m®s( important factor to 
consider when designating systems as print servers. The recommended 
starting size for spooling space is from 25 lo 500 Mbytes, depending on 
the typ *nd the size of hies being printed and Ihe number of users. 


Configuring Printer Service 
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Con figuring Printer Service s 



Nole - The term is an anonym for system peripheral oj^rrrthwi 

Offline- 


Memory 

The Solaris OE requires 64 Mbyte? of manoq* to run on a system. Prim 
server^ do not require additional mmioiu However, nn extra 32 Mbyte* 
of memory can improve performAnce when the server is filtering print 
requests. 


Using the Solaris OE Print Manager 

1 he Solaris O E Print Manager enables you to set up And rnanage printers 

'I'he Solaris OH Prinfr^&anagcr is the preferred;!n e th od for mariSgir^g 
printers. When used with it name service such-as NJ$, it centralizes- 
piinter information and simplliivtj printer adia^nistration. 



fVJote - Tlie Safari* OE lYint Manager $eoogniz£s existing printer 
information on print servers, print clients, and in the name service 
databases. 

The step* demonstrate how to canflgure a netwark printer with 

Hie Solaris Print Manager. As the root user, start the Solaris OE Pitnt 
Manager with the following command: 


# /usr/oa^n/advuA/biji/pQrlntjagr 6 

« :t: Mfc ft-. 


You can also start the Solaris OE Print Manager by selecting the Printer 
Administrator from the Taols option on the Common Desktop 
Envirunmmt (CDE) Workspace menu and entering the hast name of the 
workstation lo continue. 
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Configuring Printer Seivices 


Fither method displays the Solaris OB Print Manager main window/ with 
Figure 12 ^7 overlaid on t«p of it. 



figure 12-7 Select Naming Ser\ r ice Window' 

Jfllk 

1- Click OK to select the default, files. 


Figure 12-& remains on the screen. 
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2_ Click the Printer menu in this window. Figure 12 - 9 show* possible 
menu selections on Ihc Printer menu. 



Note - ®y clicking Print Manager :inc3 selecting Show Command Lin* 
Console, you can sac the; command-line equivalents k) each o/ the action* 
taken to configure printer*. You p then these steps as command* to 
.lipeM'orrti ttTrtiial- actions in the fijfure or build your own scripts fci 
S||f i gurinj| pijri Lets. 

• Menu sdottions include; 

||||j &. 

• Add Access to Printer - Selected from a piint client to avt up 
access to printers that are controlled by a print s-erver The host 
name and IP adders of the print server must be in the print 
clicnf'?/e“C/iner/hosts file or in a name service database (for 
example, N1S). 

• _\>\* Attached Printer - Selected uom a print server to 
configure a printer that is physically connected to it The print 
server prov ides the queuing capahili&e$> Altering, and printing 
administration. 

• New Network Printer Selected from a print server to 
configure i) printer that is din_>ctly attached to the network, The 
pr.nt server provides the queuing capabilities, filtering, and 
printing administration. The network printer's name <ind rity IP 
oddrebs must be entered either in the print saver's 
/erc/ir*at/hc«"S file or in a name seivice database. 


IntertradJate Syaieto AdniirwsfcratKva tar m&Sorfsris^ 9 Oparating EF*vi<uemertt 
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Configuring a New Network Printer 

Table 12-2 show? tlw information you tvoiild use toconfigurethenew 
network printer. 

Table 12-2 Information Helds for Configuring a New’ Network Printer 


Kequired Field 

Des ription 

Printer Name 

A unique nair e for tire network printer. The ncme 
:an contain a rr^uximum of 14 alphanumeric 
d-iaraclers, including dashes and underscores. This 
is the name entered on the command line with a 
print command. , 

Printer Server 

Defaults to the name of the system on which you 
are currently rijnfiing^eSolaris DE Print 

Manager. Thiss\ r stem-:||:;thc print server tor thin 
network printer. $ 

Description 

TKs^V||i;is optional. A printer's descripticm 
conmronly contains inJorcTf-udion to help users 
identify the printer (for ekampJe. physical location 
or printer type). 

Printer Fyp& 

:’ m 

I' 1=-. 

Ji. . 

The generic rvume for the lype of printer (for 
example, PostScript, HP Printer, Diablo). The LP 
service identifies each printer by ils printer 
type. Printer t 'pe daln is held in the direct ry 
/ug^kghare/Iib.- terrfd.nfo. Tire Other option, 
located al the end of the list, allows for the 
selection of any other piinter lype listed in the 
t-ca-minfo database. 

File Contents 

Specifies the data format of files that can be 
printed without any special filtering by the LP 
print service software. 

Fault Notification 

1'he list of choices for how the superuser Ls notified 
of printer errors. These include: Write to 

Suparuser, VI hi 3 to Superuser, or None. 
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Table 12-2 Informniion Fields far Configuring a New Network Prinler 
(Continued) 


Required Field 

Description 

Destination 

The network printer's unique access name. Tlu) 
Destination access name can be either llv name ot 
the printer or its IP address, as defined! n the 
/etc/inet/hosts file or in a name w-'rvio? 
database. The Bcstination access name te. u*e<t 
only by the print subsys e n When it is making ihe 
network connection to the physical printer or the 
printer-host devi'ce. It becomes part of the printer 
configuration database and is associated with the 
network printer's IP address. 

Protocol 

The Internet protocol that^s used to communicate 
with the printer far file traisfer. The choice are 
Herkel ev 6S® Pr\nk>c 1’rutixol and raw 

Transmission C#»rtnd Ihokxn) (TCP). In general, 

(he TCP protocol is more generic aair^ printers 

The printer vendor cfacumeiUalion supplies the 
i nfiMi nation aiputihe pifotoci# tc\ select. 

•plion* 

Identifies two opfe^ns, the Default Printer option 
and the Always Print banner option, whkh, by 
de/flull, <w disabled. To enable an uptioiV cllt-k in 
the appro riatc boxfef check mark hippeary), 

User Access List 

| 

Specifufs print.dTcrits that can print to this printer, 

By default the w«rd all allows every print client 
access to this printer. 
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Configuring Printer Services 


From the print server, use the following procedure to set up the 
configuration information to provide access to a new network printer. 


3- From the Printer menu, select the New Network Printer option. 


Figure 12-1# .shows the window that appears. 



■ PSSrdrlfjlone:, 

: ''' ‘ 

- PliiteF TfiJffi 

^ r; 

FiteCtt^rtts:- 


Script 




I m K 

£££££*»$£ 1 
V y V A X > 




. . . 


; .j; ■; ■; 


‘ J J!=L: 


' ' ■ . 


Figure 12-10 Solaris Print Manager: New Network PrinLer Window 
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ConlHj uriri g Printer S erv \ces 


4. In the Printer Nairn? field j enter the nev printer name, for example, 
prinLerA. 

5. Click the Description i Held/ and enters printer description of your 
choice- 

6. For the purpose* of this demonstration, accept the default Printe r 
Type: PostScript. 

The LP print service u^es information in the torttunf o database to 
initialize the painter, a* well as to communicate th: sequence of 
oudes to the pri nter. 

To view the c<intents of the terminio directory, type the following 
command: 


tt l£ /uar/a are /1 /terminfo 

1 2 3 4 5 » 7 5 9 A a B to c 4 e f ^ £ H h i J fc 1 

Mirn o?pqr S« ” u V w x y z 

Hie Larrrinfo directory contains many ddSerent subdirectories that 
are named with h letter or digi l Use the same ini 1 irtt letter or di Ait 
that the minuforlurer asagned fo die printers genm e The 

-PT iinf o database Includes Information about terminals and 
modems too. 


f 


ex\4y25 00 


For example, the printer^pe for a particular Epson printer would be 
loaded in the eitbdirecfccfry /u^r/share^lib/temirif c/c, 

it l£ /uar/&hcure/lib/t-.Axttin£a/* 

ertio+s ep25QC+M^: ep48 

en v2 3 0 ep2 500+lew'- epeott2500 

en vi s i o 11 2 3 • iiiii 0 e pson2 5 Qfi-81 

ep25aa+¥asi^f ep4000 ^peon3SijS-hi 

ep2500+color‘ -p403* (apcor.2 5 O'b-hi S 0 

7. Accept the cfe/ftuJt Fih> Contents: PostScript. 


^rfoaOOO 

esprit 

ethemet 

qx3000 

e-xidy 


Every* printer hn * configuration infivnrtiatioii pertaining to t h e content 
tvp e of files that it can accept for ite printer fc-pe. H le LP print 
service depends on this configuration information to match the 
■LrntCTil type of each print request to the printer type, which ensu/us 
that the file is printed #omecdy. 


X2-2B 
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onliguiing Printer Services 


By selecting a file content ly e, as shewn in Table 12-3, you can 
specify the data format of the tile that can be printed without any 
special filtering bv the print 9a/tvv*are 


T abie 12-3 descriptions of File Content Types 


1- 

File Content Type 

Description 

ASCII 

ASCII files do not require filtering. 

PostScript 

Posl&jipt files do not require filtering- 
Po^tSeript is the default. 

Both PostScript^r\cl 

ascii 

PostScn.pl and ASCII filet do not requi re 
filtering. 


All files requirefeltering, except those 
matching the printer's type. 

Any 

No filter ingrequiied. If printer cannot 
handle the tile content lvp^ the file lit not to 

be printed. 


Sr Click Fault Notification, nd select Ofce Mail fo Superuser option. 

9. Click the: Desti nation field/ and type £ Destination access rin mt. 

: r^|- network printer is not recognized by it name or IP address in 

the host* titbit?/ you might need t# use the vender-supplied 
name fot the network printer,, which is XMietiiMs qualified by a 
designated port lumibe^ Thcs*? are both explicitly defm d i n the 
^ printer vendor's documentation. 
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Table 12-4 shows the format for a Destination entzy. 


Table 12-4 Westination Entzy Format 


Destination 

Protocol 


BSD 

teg-jMPBe .or i nj- 

BSD 

7 Pjrat 

BSD 

7P_AlX?f?jpcart_i2Laci!jffr : 

Ter 

printer nod£_nm&:pcr r X'jsvhei- 

rep 


1. Th* porl aurtiVcr is ^riiU wrver dependent. ^«r example, LcxMirk uses 

10. Leave the Internet protocol set to •$i>\ 

11. Click in the Default Printer b«>* to enable the Default Printer option. 


Note - If cnnbtai, the default Printer option designates thi* printer as the 
default printer for print jobs ffcum this system. 




12, You can (optionally) click in the Always Print Banner box to enable 
the Alwaj^lrini- Banner opbon. 

13. Accept Eheadfault,, &\1, for thaj3§er Aooew> List. This allows all 
uiehs-on a A systems K> use the printer. 
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Configuring Printer Services 


To restrict user access to this prin er, you can enter the values shown 
in Table 12-5 in the text field below the User Access list window, 


Table 12-5 User Access Values 


Value 

Definition 

user-n&ne 

The specified user, for example uaeri r can access 
the printer from *my system. 

syst&s- 

r.'tte i user-oanis 

The specified user from the named system can 
access the printer, for example, huivi : -r^r-3. 

py$ r am- name ; a 11 

All users from the named system only can access 
flu* printer, for example, ho^r ■! A 1 1 

all i u^cr-.oi/ffe 

Ihe np^eified user from all system* tun access the 
printer, for example, all luseri.. 


Note — To delete an entry h u m tlie User Acax List, aeJecMhe entry, and 
dick Welefe. 



s*i- 
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14- To accept the I’Hfiv network printer's configuration in/virrrvitton, click 
OK. 


Figiue 12-11 shows the Solaris OE Print Manager window, wliich is 
displaying the newly o#nftgvtied printer- 



15 T« close the Solaris OE Print MafSfger window, select the Exit option 
fmWm Bgpt Meager menu. , i 

*wmmm ^ 
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Administering Printer Services 


Administering Printer Services 


You use the ljtacL'oin command to configure theLP print services in* rathe 
command line. 


You lX>uW us« this command to perform the f«l .•wing tasks: 

Defining printer devise* aod printer names 

Spec.tying interface programs (custom ct standard) and printer 
options 

•dining printer types and file content typ^-H 
Creating printer classes ||| 

•efining allow and deny user listv 
SpedK’ing fault recovery 
Removing printers and printer classes 


’ I he pa enrin command is most commonly useH b y 
puip«sc of: 


rooL user for the 


■■■/ > 


• Creating printer 

• Setting or changing lll!ilte3|| default printer destination 

• 1 Removing a printer's configurati^^dirn the LP print service 


Confi gu ring Pifnter Classes 


Y*u Cctn printer access by establishing printer classes, A printer 

class is a Wayj : .oi' grouping individual printers so that they can be 

identified by a single name known as a class nanu?. 


Af*e.r a printer class is created, you use it as the desti nation tor users' print 
requests, The LP print service automatically sends each print request to 
the f irst available printer within the class that matches the content t^e 
expected by the printer. This useful feature can help you balance the kvid 
•f print requests antong several printers. 
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Admin istering P rinter S ervices 


A printer class can includes 

• Specific printer types (^> r ^^ample, all PostScript printer*) 

• Printers in a specific location (for example, Building 2) 

• Printers inn specific work gmupor department (for example,- 
Marketing, Llngjneerjng, Accounting). 

You can create a printer class by using the imaccnin command only on the 
print server for vi'hich ihe punters are configured. Printer cannot 

be defined on print clients. 

Confifjurinfj Printer Priority Within a Class 

When y^«u create n printer class,, the root raer can control the printer 
access order by adding ihe printers to the c£*ss in a descending aider. For 
example, by adding <* high-speed printer to the printer cliws first, you can 
enable i t to handle as many print rcquefits as possible, before off-loading 
to the pri riter that w ed k> the cla$| next, and so on. 



Creating a Printer Class 


You create a printer class when the first printer is added to the printer 
class name. After creating a printer class, v®u can add other printers to it 
Cit any time. 



uple erea printer class called bldg2: 


Th.> 


* lPr»Onfcl n -p printerB -c bids2 

The fallowing example adds anolher printer (princ*rD) to this class: 

# lpadmin -p priat^fp -c kldS2 
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Administering Printer Services 


After you hav* finished adding pimfeis to the printer vlass, use the 
acc^M: command to allow of print requests to the new print 

queue <bl6q2 m the example). 



Note -The accept command is explained in Module 13, "Using Print 
Commands." 


# accept bldg2 

d^$c:ir,ation *bld«2" now accepting revests 

Use the ps t ac -• t command on the print server to check tht: atfltw of the 
new piinter claa$: 

£ lpata.L -t. 

5ch&±iler is aitiiiiivj 
sys^eri d^ciiiiaLiar.: printer A 

s^rfcerrs of class bl<lg2: 
pjrin-arB 
prjjiier* 

device for prirterB^ /dcv/null 
device for Pr^.LerDL /dw/n i J-i 

bld£2 acceptjr.g request since Fri, ; J|p 4 10:37:44 KST 2702 
prinierP accepting requests aincfc F^mTei n- : 4 1C:37:44 MST 2002 
pHncerP acce^rinf r^du«ets since Fxi'?pai- 4 1#;37;44 2002 

r 

To send a print mjuaa.t to a printer perform the followii\g 
command: 

% lp -d bldg? n^rflle 

recue^t id is bicgf-C (1 file) 
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Administer ing Printe r Serv ices 


Setting the System's Default Printer 

The rccc liber can run Lhi? Lpadmin cormnnnd to *;et an individual printer 
or a printer to be the system's default destination foi all print 
rt!i|ueats. 

=r lpadSnir* -d printema.^ 

4 Ipacfcoir* -d 

For eaiample, t* set a system's default destination printer, perform the 
Command: 

if lp admin -d printers 


'lb verify that the system's default dcsiinat.frn printer has Ix^en bet, 
perform the command: 

* Ipatat -d 

systeit default oestzlna-iio.n printer® 


m 


To i*eiitv f aii iiadividual user's default destination primer perform die 
command: 

5 lpstat -d 

sj.-'st eir. defaul t aestincxieL^i: ::^ers^printei: toy 


Ihe print Tequest.|£suM is sent by defatdt to printerE,. 


# lp 

re^fu^st id ic p^ 4 jptor 5-514 ff file) 

rA 


T2.34 
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Changing the System’s Default Printer Class 

To change a system's default destination printer to the class bldg2, 
perform the commands 

£ lpmdaiin -d blU<?2 

IPStAt -d 

systsitt 4eszi2aLi^ii! hi&a 


Note - You cannot aetivaty or deactivate a printer claSA with the -enable 
and disable commands. You can activate or deactivate Only the 
individual printers wiihtn a printer class. But you can allow or disallow 
spooling a classes'jobs by uning the commands accept tlnd reject, The 
commands enable/ diaubla, accept/ and reject ate explained in 
Module 13/ "Using Print Commands." 


Removing a Client’s Pri nter Configuration 

To remove a printers configuration manually on the client side, perform 
the following: 

1. h@^^j||,the root u*er On the printdient that has aoooss io the 
pfirilt^H^'e removed fiom the LF'print seivlce, 

2. Delete €rii>rtni:dion about the printer from the print client by 
performing an lp^eL-nim command. 

# lpactrvia -x p fin l em&r** 

where -x deletes the specified prinfcn 

; Jbor erampK the following command deletes priAterD f^#m the 

system 

# Ipadnin *-x pri_ntexD 

Information for the specified printer i& deleted from the print client's 
/e.t'v’srinters . conf file. 

Repeat Steps 1 and 2 for each print client that has access to the printer. 
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Adminis tering Pr int er Services _ __ 

Removing a Server’s Printer Configuration 


Not* - The rej esc *ind disable commands <ue explained in Module L3, 
"Usting Print Commands." 

To remove a printer's configuration manually on the server si'de, perform 
Ihe following: 

l Log in as the root u&er on the print server on which the printer is 

coniigmed 

2. Stop queuing print requests on the piinler. 
t rajact printaorD 

3. Slop the printer. 

# disable printaxrD 

4. Delete the printer hom the print serv er, 

k lpadroln print #rl> f % 4 

This ad ion deletes configuration inlbffiiWion for ttojp^&ntcr from the 
pivtt server's /etc/lp/pr inters directory and v 

/e;c. urir.ters. caa£ Hie: 

fc 
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Slatting and Stopping I he LP Prlnl Service 


Starting and Stopping the LP Print Service 

The LP print service is started by the l*sdi^d daemon and is shut down 
by the lpsh .it command. 


Starting the LP Print Service 


The lpsched daemon £trtrt9 or restarts die LP print service. Printers that 
<\/v restarted with a Ipsiched command from the command line, reprint, 
:n tlici'r enLiroty, the print requests stopped by die lp*hut romtruind. 

The following is an example of starting die Inched daemon from the 
command line: 


z /ti£r/lih/lpnctui 
Frinr services 

Tile lp pi-int service script, located in the /etc/init. c directory, also can 
be used to start the Ipse hod daemon. oV 

# /etc/i-nit.d/lP BtfltTC 


Fr'ir.t seirvhcee sL?irtt^l 




Stopping the LP Print Service 


1181 


Tlie IpahuL oemnuuul £tops the LP pr:nt sendee. Any printer* lluit are 
•; .^ttrrently pointing tvhen die ctnvuand is invoked stop printing. 

^TSeialkrwijig Is an example of the lpshu^ command; 


H /ufif / iib/ipdint: 

Pri_r_L services stc^pp^h 


The lp print Venice script, located in the /e-c/init,ddirectory, aLeo con 
be used to stop the lpscbed daemon. 

n /etc/init.d/lp stop 

Print services stopped. 
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Module 13 


Using Print Commands 


Objectives 


Upon voG'Pldion of tins module,you should be able to; 

• S[x>L*ify a destination printer 

• Use the LP print service 

'Tht> following •ourse ip shills how Lhi$|n<xlule jtit« the eunenl 
instructional goal. 

1 % ^ ir 

Managing Network Printers and System Processes 



... 






LTs»n* 

Print 


Centring 

Sy^tSfn 

■■■' 


f%Command> 


Processed 

| . . : . 






Figure 13-1 Ccmrs-e Map 
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Spe cifyin g a Oe sUnalion Prin ter____ 

Specifying a Destination Printer 

In the Solaris OE, users $ bmil print requests by using Ihe ipcosnmnnd 
#r the ij»r command. 



Note - The Solans OE LI 7 Print Service accepts both the SVlD 
/■usr/biri/Xp command and the BSD /usr/ocb/ l_ora>€rmwid to eub*nit 
pnnl requests. 


Using the lpCommand 

The Ip command is located in the /u.h r/bin d'lrejictory, The Apcommand 
submits a print job to the default printer o&lo another printer (by 
spedfying the printer name). To use the comman^ perform one of the 
fo] It 3 wing comma 1 ids: 

$ /usr/bi-Ei/ IP 

5 / -jz*a /in / Lp - d pri. n t Ox n&nyi ££ l efi^rie 



Using the lpr Command 

Th? lpr command is located in the /usr/ucb directory. The .Lpr 

Gszrtfttdnd ^ulidadiiH in manneroslhe Ip command—*t submi ts a 

print job ip the default pnntcr or to another printer. 

$ /usr/ucb/l y.r W' 

$ /u^r/rcb/ lpr printezzLXSB 

Ihe preceding examples *f (he piinl commands demonstrate the atomic 

style. You can also use ihe Portable Opvn Systems Inborfoce (I’OSIX) style 
to specify a destination printei- 

To submit a print request that uses the P#$]X style, include the print 
command and an option, followed by' the printer server name, a colon, 
and llie printer name as configured on the print server. 

The full commandd'nte entiy is as follows; 

/usr/hin/Ip -d boetnai^rptintorrmra £llma&m& 

/usx/ucb/lpr -p hoIntern**** filma* 
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Using the LP Print Service 


Usjig the LP Print Service 


The LP print serv ice is a set m) software commands, utilitieSr and filters 
thel allow users (• prini files and the roan user to set up and manage th?. 
print operations. 

Table 13-1 lists some of die mor* commonly used print service 
administration oommands- 


Nrtte - You must be thL v^ot user to use the** i umnun^i- 



Table 13-1 LP Print Sendee Administration Commands 


Command Name 

Description 

itCc:e^tl 

Permits print requests to b^ qimied for the 
*pecifie printers 

reject 

Prevents print requests from toeing queued 
fox the.spiH.ificpriiUor^ 

wnaJolo 

Aotiva& the sp eified printers 

disable 

Deactivates th s^edfVd linker 

Ipncve 

MovWs print, requests from one printer 
destination to another 


Print Jobs 


$ 


As the root user, you u&e the accept command on the pri nt server to 
penuk print requests to be queued on the specified printer 


Usin§the accept Command 

You use the command to allow queuing a t print requests for the 

named dent.natjons. A destiitatian specifies the name of a printer or 
pr’inior ejass. 

The format for the command is: 

tr /Lisr/sbin/acce?t destination (u) 
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Usin g the LP P rint Ser vice 


In the following ex^mple.^ the root user has enabled the queuing of print 
r <)ue ts on prirtftiTl 

tf Accept prLntefP 

destii^tion "P^intarD- t&k accepting revests 


Rejecting Print Jobs 


A a the r*o“ user, you use the reject cymiund an the print server te 
prevent print requests from queuing on the specified printers. 


Using the reject Command 

You use the re: ect command to prevent pijrrt requos^ from Queuing and 
stop us rs from submitting requests to lhe : priftU>r queues, % 


4 


The formal for tlie ttiiumand i& 

/ucr/sbni:/rcj«cc -r tiennlsuitiofiix} 


t 



\ 


The folio wing example sj|pv- how$£> use the optional " rc^tn* ta 
enter an explnnaitian for : llB“ rejection af print requt&fS fora printer. A user 
c ansee that text by issuing the Jibstat -aer ipecac t command. 


3T rajeefc -r "Replacing tdDAr c arzri&g** printer!? 

doscirxetiAT. “pr intent: will langer except r^fu^tc 


Enabling Prints 

On the print server, as the root usac; you can use the enable command to 

activate thm^^ihed printers, 


Using ttieeneble Command 

The er.&kla command activates the printers, which enables the printing af 
requests submitted to the print queues. 

The format far th** command is: 

* uer/ &I n ■ i=nn - i rra c te 1 

The fallowing example show* haw to enable printers 

TS anahla printarD 

printer ’’printerD 4 ' now enabled 
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Usi ngthe LP Prin t Service 


Disabling Printers 


On the prinl server, as the root user, y«ucan use the disable tinimand 

to deactivate the specified printers. 

Ustng the disable Command 

Ihe disable command deactivates printer*, winch disable them from 
printing print requests waiting i n the print qocus. 

5y default, any requests cwmntly prinb g on the printer when the 
di sable command is issued are reprinted in th ^entirety when the 
printer is enabled again. 

i * i' t 

The format for the command b: ^ * 

. 11,^ •** 

# Aisr/kin/disabi • -o | » -r d&gtinatiaB 

* % m 

Table 15-2 show* the options for the disable fgmmand 

A. . 

Table 13-2 Options for the doable Comnmnd 


1 Option | 

| Definition | 

-tr * | 

i Cancels the evtnent job and dUabies the 

i m 

' printer. The current job prinlod later. 

* 


^ Visits unlll the cuiren^ job is finished before 1 

M m 

• 1 

diSt-ibl'ing the priftUT. 

1 'X , i 

1 

Assigns n reason for the disabling of the 


| printer. 




The following example shows how to use the disable command with 
options 


# disable -W -r "Printer down for mainti 

printer ^piinre^^ nw disabled 


ce" prinberu 
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Using Itie LP Pri nt Se rvice ^ _ _ 

Moving Print Jobs 


You use the command to move one or all print request® fr#m oi\e 

printer cWstindtion to another pimtct destination. 


Using the ipnove Command 

The format fox the Iprocve •nmmand is: 

ft /US r/sbin / IpmOVD m?urc^_ rfsst i Mti OK tar^ei^Ctea t iiW t i OB 


To move one or all print requests by using the Lpnioye command, 
complete the following steps. 


4 reject -r 

destination 


1. Become the race ust>ronthe print server, 

'L Use the reject command to prevent any furlher ] 
being sent to the print queu*, Tliis ytej? notifies us 
is not accepting jequesls, 

"PrinterC ia down for r^Paira" print*rc 

* k prir;berC - srLll nfc longar aoc^: requests 


ijpt requests from 
S that the printer 


ft Ipsfcat -o 

prioterc-29 
printerC-30 
prinz«rC-3i 
printerC-32 
prinzerC-33 


3. Use the lc^tat comrtictnd di^lay the pnnt queue to see how 
many print requests are tc?8e moved. Tli^i step is needed k) identify 
| sprint request identification numbers (IDs) only if selected print 
Tequ^s|s ar^igoing to be moved to another printer. 


X : 

sy61425 Jan <07 12:30 
flays!! I usSIl *£ 9560 Jan 07 12:30 

9y9S%^2 I4S Jar, 07 12:30 

?$Y&42 luswrft * 545 Jan 07 12:30 

sys*2'u3^r2 $45 JdnS7l2;30 


4- Use the a.pstat c*mrt\and to verify that the deshnaI ion printer is 
accepting piint requests. 

ft lpstat -a Printer*, 

prinzer printers a^cep=irvj r^goes^-_ 3 Si^ce Tue Jan 1 


5. Move fcho print request, 

a. For example, to move oil print requests from pr*i nzoiC over k> 
printorJj perform the following command: 

ft lcnove print^rC printer* 

jnove in progress . , . 

cov^l or 5 re^u^crs incvc# trom printers ta mincer A 
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Using the LP Print Service 


br For example, to move one t>rnu»rc individual prinl requests 
from priiiterC to printairA, perform the following command; 

£ 2pouy& prlnt^rC-32 priuterC-33 print*m& 
tatal of 3 retjuaets moved ta primerA 

6. When printierC, isavmUble use the access ctHZUftand to 

print fobs to queue to printarC- 

# accept printarc 

destination "printerc* now an^ptjug r&I-tttz 
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Pe rforming th e Exer ci ses __ _ _ _ _ _ _ 

Performing the Exercises 

You have the option to complete any one of throe versions of a lab. To 
decide which to choosey consult the following descriptions of the levels: 

• lA?vel 1 - This version of the lab provides the l«tf$t amount of 
guidance. Each bulleted j-xiragraPh provides a task description, but 
you mu-st determine your own way of accomplishing each lask. 

• Level 2 - This version of the lab provides more guidance. Altlvough 
each step describes whftt you should do, you must determine the 
commands (nod options) to Input. 

• Leve 13 - This version of the lab i s the easiest to accomplish because 

ecvh step provides exactly wlvat you should inpi||h> the system This 
level also includes Lhe task solutions f$& ail thrcPWeU. 
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Exercise: Using the LP Print Service (Level 1) 


Exercise: Using the LP Print Service (Level 1) 


In this exercise, you uac the Solans #E Print Manager to set up a print 
$p ler tliat sond$ output to a local terminal window, add access to a 
remote printer, And use print management commands. 

Preparation 

The host name and IP address of the system that c ntrols tile prt nter you 
want to access muxt exjfct in the /etc/hcscs file. Refer lo the lecture notes 
as necessary to perform the tasks listed. 


Tasks 



used by die of thenx In the other window/ run Solaris #E Print 
Manager, and define a local Diablo printer thaiattes the fir*t 
window V tvrminfil output device. Test the new* printer. 



(Juris OE Print Mfinager t# gain access tu a piiivlxir defintd 
ay^tem. Test llt£ remote printer. 


(Steps <343 in the Lev el 2 1*1) 


• Manipulate your Diablo printer to: 

• Disable printer output 

9 Queue four files for printing 

• List all rint )ube 

• Cancel two jobs by listing their request IDs 

• Cancel the remaining jobs b y using their associated user names 

• Enable printing again 

• Reject print requests and supph a reason 

• View the reason 

• Ai\:ept print requests on the default printer 
(Steps 14 -24 in the Level 2 lab) 
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Exercise: Usings th e LP Prin t Se rvice (Le vel 2)_ _ _ 

Exercise: Using the LP Print Service (Level 2) 

In this exercise, you use the Solaris OE Print Manager to set up a print 
spooler that sends output to a local terminal window, add access to a 
remote printe , and use print memcigement command*. 


Preparation 


Tli* host nwne and IP address mi tho system th^t controls. the printer you 
want to tK'cefcs must exist in the file Refer to theleclmc* notes 

as necessary to perform the tasks listed. 


Task Summary 


In this exercise, ymu accomplish the foDHpririg: 


• Open two terminal wiadawe. Kivordthe pseudo terminal device 
used by one them. In the othor ^yirfdow, run the-^oLirih OE Print 
Manager, an^Miic A lo&l Diablo printer Lhrtt uses the first 
windows triiiiitSjp os its output device. Test the new printer, 

• Use the Sot aris OE Print Manager to gao d access to a printer defined 
on another system. Test the remote printer. 

• Use the following StanmapEteto manipulate your Diablo printer: 


• disable 


• ip 

• l'P-stqd^ 


• accept 

• reject 

• cance1 


• Manipulate y#ur Diabl# painter toe 

# Disable printer output 

• Queue (mur files far printing 
m List nil print jobs 

• Cancel two jobs by listing their Bequest IDs 

• Cancel the remaining jabs by using tlitdr associated uier ivtmos- 
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Exercise: Using the LP Prim Service (Level 2) 


• Enable printing again 

e Reject print mpieste and supply a reason 

• View the reason 

• Accept print requests on the default printer 

Tasks 

Complete the following steps* 

1. Log in as Ihe root user, and open two teinYuwl windows. In one of 

the ivindows, use the t^y command to wfeitlfy the pseudo terminal 
device theil it uses. Use this device name as the port fox the new 

printer. For example, the device name in the foil wing tput 
/aeV/ptfl/5; 

4 tty 

/dev. 'pts/5 

l>vice rine* "■ 

2- In the other terminal wi dow, r^nSae Solaria OE Print Manager* 

3- In the Select Naming $cr\ ice panel, verify that tile* is selected, 
and dick OK. Fr*an the Print Manager menu, select the Show 
Cwnm/md Line Console opti n. Position the Command Line 
Console in a convenient looati if.S*/ 

4. From the l 1 winter memi, select die New Atta hed Printer option, 

hr PiB^n the fields according k> Table 13-3. To name your printer* use n 
name ditfe rent ham that of vour system. 


Table 13-3 Cl^nfigurati n Fields 


IhS— 

Selection or Entry 

[Vinter name 

Your choice. 

i •ascription 

Your choice. 

Printer port 

Select the Other option. LtUt*r the device- niitne of 
the terminal window found in Step 1. 

Printer type 

Diablo. 

File content* 

ASCII. 

Fault noti fic ation 

i Write lo superuser. 


Using Prtrtt Commands 
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Exercise: Usi ng the LP Pri nt Ser vice (Level 2) 


Table 13-3 Configuration Fields (Continued} 


Field Selection or Entry 

Default Printer 

(Select the box.) 

.Always Print Banner 

(Do not select the be?*-) 

L wr Access List 

(No change,) 


fc. Click ®K when you are finished. Notice the command-line entries 
that appear in the console window. 

7. Test your printer configuration by printing tb^fetc/hostfi file to 
the default printer. Obseive the output on the other terminal 
windenv. 

You should the mntents oft he J&ucf. nos t3 file str#U through the 

o ther window. 


& From the. I Vinter menu, select the Add Access to Printer option. 
9. Fill in the fields according to Table 13*4. 




Table 13-4 Configuration Field* 


fe. 


Field 

Selection or Entry ^ 

Printer name 

Enter the name of a printer on another system 

Flint server 

■ Mr 

Enter the name of the system on which Hie 
preced Jug printer is defined. Ensure this system 
ltd me and IP address are in your /etc/hosts file. 

Description 

Your choice. 

Default printer 

[>o not select the box. 


1CL Click OK when you are finished. 

Notice the oommandhe enirics that appear in the console window. 

11. Test your new configuration by printing the /etc/hosts fik to the 
remote pri ter, Observe the output #n the other syst m, 

Y#u should see the contents #f the /etc/hests file scroll hrough the 
other window*. 

12. hi an available* terminal window, use the lpstat command to 
display the cun'ent status information of the printers on your sys era 

13. Disable print output for yeur default printer. 
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Exercise: Using the LP Print Service (Level 2) 


14. Send the fallowing four files to yonr default printer: /e~c/bests, 
/etc/inittao, /etc/dfs/dfstab, and 
/ etc:/ skel / l«cal. profile. 


15. Check the print queue t# find the request ID f«r each job. 

The four print jobs should be listed with sequential numbers. 

16. Use the lequest IDs to cancel two of the requests. Verify the result, 
U*e the following syntax *0 cancel the requests: 

$ cancel printaraaire-# 

Two of the print jobs should be gone. 

17. Cancel the other tiv# jobs by indicating the u^cr wh# sent them. 
Verity the result- 


18. Enable printing for y*ur default printer. Use the following s-yntax: 

# enable priu tamame 

If. Set your default printer to reject requests, <ind display a reason for 
doing so, For^xample: 

£ r*j*ct -r "Printer is dolin' for usint^naiige^ pzintem^ 

2(1. Attempt to $*nd a job t# the default printer. Objthe messages 
displnyoil ■ 

# lp /etc/hoBte 

Your message should say Di'inCer22asr,ei Requests are r.cz 

, . f I : 

be- me ♦accepted 


21. Use th^f jfpsUut command to d&play the reason that the printer is 
n#t acccj|l hl S rc qtiests. U’ se the following s}ntaxi 

* lpBtat -a. ,pxrint4mAO>6 

V-s Yeur milage should say prinrazr^/Tie,- ynur reaao.-? fr-om 

step 2& 

22, Set y#ur default pr:nter to again accept requests.. 

# accept printamaro 


Using Print Commands 
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Ex ercise: Using the LP Prim Service (L evel 3) 

Exercise: Using the LP Print Service {Level 3) 

In this exercise, you utt? the Solaris #E Flint Manager to set up a print 
sp#«ler thal stmd* output to a local terminal window. ,idd access to a 
remote printer, ;ind use print maj'uigement commands. 


Preparation 


The h.#t>t name and IP oddress of t e system that controls the printer you 
want to access must exist i n the /ecc/hosts file. Refer to the lecture notes 
as necessary to perform t e tasks listed 

Task Summary 


In this exooS£, you Accomplish the ioltatring: 

• Open two terminal windows, Recoad the pseudo terminal device 
u&«d by one of them, Jn the Sptber window, run t e'SbktnsOE Print 
Manager, and define a l*cal P^ablo printer that uses the first 
window's terminal as ih output device. Test thv nei^ printer. 

• Use the Sohirte OE Flint Manager to gain access to a printer defined 
on another system, lest the*remote pnftlctf. 


ip 

* 


J&e the fallowing OFjnnuiiicfs to manipulate y#ur Piablo printer: 
% Gcaftla 



If 

ip£tat 


• accipt 


• reject 

• caos&l 


• Manipulate your Diriiblo printer to: 

• Bisable printer output 

• Queue four files f#r printing 

• List A) print jobs 

• Oncol Uvo job* bv listing their request IDs 

• Cancel t e rejiniiining jobs by using their associated user names 
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Exercise: Using the LP Print Service (Level 3) 


• Enable printing again 

• Reject print requests and supply a reas«n 

• View the reason 

• Accept print requests 


Tasks and Solutions 


Complete the fallowing sti>p&: 

L. Log in as the rctc user Sind open two terminal windows. In. one of 
the windows, use the tty c*rtwnond fc> identity the pseudo terminal 
device it uses. Use this de\rice nnmeas the p*rt for the new printer. 
For example, the device name in the toll •wing Output is 

/c.ev./#t:s/5: 

# tty 

/dev'pcs/5 .j|. 

Device: na#e: yk^dvoice iVwe \pifivftry. 

2. In the otHJ|| terminal vyindow, inn ^Ihe- Solaris QE ■ Flint Manager. 

# /uer/aain/admiii/hiri/printiicigr & 

3. In tb..> Select Naming Iice panel, verify that files is selected, 
and click OK. From die Print Manager menu, select the Show 
Command Line Console option. Position the Ctmuiritd Line 
Console in a convenient location. 

4. Vtvmvthe Printer menu, select the New Attached Printer option. 

5. Filldasthe fields according to Table 13-3 mn page 13-11. To name your 
priflte fee a name different from that «f your system* 

|| ft. Cli^k OK when you are finished. Notice the command line entries 
that appear «n the console window. 

7. Test y#ur printer configuration by printing the /etc/hcsts file t» 
the default printer. Observe the Output On the other terminal 
wind#w. 

# lp /etc/ho^ts 

You should see the contents#f the /et:c:/lia»t-.» file scroll through the 
other window. 


8. Fr#ni the Printer menu, select the Add Access to Printer option. 

9. Fill in the fields according to Table 13-4 on page 13-12. 


lisini Prim Commands 
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E xercise: U sing the LP P nfil Service (Level3) 


li. Click OC when you are finished 

Notice l ho oorMT^vnd line entries thaL appear in the console window. 

11. Test your new configuration by printing the /e±c/ r :.ost£ file to the 
remote printer Observe the output *n the Other sybiem. 

# Ip -Cl &rlntamani& /«tC/hoats 

You should see the contents of the /eic/haets file scroll through the 
other w rnetow- 


12. in an available terminal window, use the lpstat command to 
display the current status information. of the printers on your system. 

# Ipetat -t 

13. Vtenble piint output for your default puntet 
t disable prlntAr&anB 

W* -f- 

14. Send the following four files to yc&ir default prrnWf: .^cc/ho^-s, 
/et.c/ ir. It tab, / h hr. / d fs / if a L^b, und 

/■=5to/»kel/locai .profile. 


•i 

11 



# lp /mtxs/bomtm 
t lp /etc/inittab 

# lp /atc/dfa/dfstab 

# lp /etc/iH*l/lcical«profile 

15. Aeck the print queue to find the request ID,/or each job. 

# lpBtab -O 

.. y ^|p. I 

®fhe four job$^hould be lift ted with sequential numbers. 

16. Use the request IDs to cancel tvixi of the requests. Verify the resuil- 
Use the following syntax to cancel the requests: 

t canoel pr±nc*znasie-# prlnt^xraan^# 

$ lPetat -o 

Two of fheprint jobs should be gone. 

1 7. Cancel the other two jobs by indicating the user who sent them. 
Verify the iesuit. For example: 

?T cancel -u root 

# lpptab -o 

18 . Enable printing for your default printer, 
a •nafcia princerzmuw 

1$. tiet your default printer bo rq’od roqut'Ste, and display areasar. for 
doing yg. For example: 

t rm -i* is ckJitEi Soar <«fci ncqaifc^ 
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Exercise: Using the LP Print Service (Level 3) 


2#. Attempt to send a job to the default printer. Observe the messages 
displayed. 

it IP /etc/ha^t* 

Yaur message shauld say j*rn ner? 2 atfe: Requests m-e nzz 
being accented 

21 Use (he lpstat command to display the reason that the printer is 
not accepting requests. Use the fallowing syntax; 

# lpstat -a .s*r internal 

Your message shauld say printernalr*e: your reason fzrzjr. 
see* 20. 

22, Set yaur default printer to again accept re^ufcSts. 

$ accept prltttemsrra 
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ExercfceSurwnafy _ 

Exercise Summary 



Discussion - Take a few minute* to discuss whnL experiences, Issues, 
discoveries \*mu had during the lab exercise. 

• Experiences 

• Inkerpneiabons 

• Candusi*»«s 


• Applications 





#% 1 

m wm% 



13-id 


Intermediate System Administration 'fortfie Solaris™ 9 Operating Environment 
CwyrljJn 2§00 Sun Mi»n»s>/^cnis. Inc. All RlDhto ^§§erv«iLSurt S«rvi* 3 % Rsvi^on A2 





Module 14 


Controlling System Processes 


Objectives 


Upon completion of this module, you shouldp^e able 

• View system processes 

• Ckar frozen processes 

0 


• Schedule one-lime execution of a commarfti 

M . : , * 

• Schedule automatic recurring; ^^c^tion of a command 





Managing Network Printers and S$fet6m Processes 


Canrtrdling 

System 

Processes 


Figure 14-1 Course Map 


fiapyr cjln aiua £,m W r.rci septus. In-. A! Rljnis Hgsgrved. Sun Services, Revision A. 2 


1 4-1 











Viewing System Processes 


Viewing System Processes 

A process is any program that La running on the system. All processes arc 
assigned a unique process identification (PiD) number wJiich is used by 
the kernel to track and manage the process. The PIfr numbers are used 
by die root and ifcgulflir users to identify and control their pnx^esse*. 


Using the CDE Process Manager 

The Solaris OE Common desktop Environment (CPE) provides a Process 
Manager to monitor and control processes dial are running on the local 
System- 



To start the (\t>4e^s Manager, click tJ>e tjind Ptd« onntrol on tho loots 
subpane) of th c front Panel. Figure 14 -2 shows the Tools menu. 


Figure 14-2 Tools Menu 

You can also start 1ho CPJ* Process Manager from the command lino by 
Wiping the following: 

# /uer/dt/bcLzi/sdtProce&& fc 
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Viewing System Processes 


Figure 14-3 shows the window that appears- 
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Figure 14-3 CiDE Process Manager WinSow 
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The Process Manager can sort processes alphabetically (Name) or 
s|pj^i^piericaUv^^K depending #n the column that is selected. 

;; ■■ J \ f \*f 

i43U can mil*# a search by typing text into the Find field, 

||f M n £Lo J|precess, highlight it and press Control-C, select the Kill 

Option from the Process menu, •«* select the kilJ pti#n from the options 
that are available when you press the right mouse button. 

%■ illl ill v, .. 
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Viewing Sys tem pr ocesses 


Using the j»rstat Command 

TJ\e prstat command examine* and displays infnrmotion aboul active 
precise* on the system, 

This command enables you to view infcmnation by specific processes, 
user idoitification (UJD) numbers/ central processing unit (CPU) Ws, •r 
pmcc^Pcsetb. Bydemtill, i\m prst^z command displays information 
about all processes *r*ted by CPU usage. To use the prstat command, 
perform the command; 

ft psrstat, 


PI» USERNAME 

8I2F 

*3S 

STATE 

PRI 

MICE 

TIME CP 

jj PHOCESS/NI/A’? 

1257 

root 

46CGK 

4232K 

q*uO 

29 

0 

0:00:00 V 

PC'- 3% protac/l 

1245 

root 

328K 

256K 

alf*ep 

5? 

D 

0s00:00 0.^4 sh/:i 

1247 

root 

1I72K 

1446K 

cleop 

59 

0 

0: 0C: 00 

o.yf 

1256 

rdOL 

Vti'tK 

14j.6K 

sl^ep 

49 

0 

»:fp;00 

Q,o r i kih/: 

243 

rooc 

2840?: 

23VCjK 

-sleep 

59 

0 

MI:N 


388 

root 

2720ft 

1544K 


1 59 

0 

OsODsOP 

• ,0i B«hd/t 

lUJtpul 

t edited for brevity; 


' 




205 

root 

3V04K 

2032K 

Sle^p 

591 

0 

OsCC-iCC 

G.G % auWaiiOunzd/3 

228 

root 

2204F 

13?2X sls^p 

59 

Q 

0:08:00 

C.O* ctcnyi 

•2 

CT3»t 

2848K 

2_12K 


59 

C 


0.0* picld/4 

55 

root 

229tX 

1448K 

sleep 

59 

0 

£':M;00 

0,0% syBBver-td/13 

132 

root 

<!134K 

1368E 

sleep 

59 

• 


0.0% rpcbind/l 


To-cl 1: 48 processes, 2D* l'/.ps. l^d averages.: i.io, 0.00, 0.01 


To quit Hu- prstat command, type g 

Table 14-1 the column hendirgs and their meanings m a prstat 

report 


Table 14-1 Column Headings for the jrrstar Report 


Default Column 
Heading 

Description 

PIC 

The PID number ol Hir process - 

USERKftfrffl 

The login namo nr 113) or the oivner of the process 

SIZE 

I'he total virtual memorv fcize of the process. 

ESS 

1____1 

The (Kidcnt set s-ize of the i n kilobytes, megahy li>, or 

gigabytes. 
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Viewing System Processes 


Table 14-1 Column Heading* for the prsiiat Report (Continued) 


Default Column 
Heading 

Description 

STATE 

The state of die process: 

• eiju. - The process is running on die CPU. 

• sleEp - The process i s waiting for a n event t o complete. 

• run-The process is in the run. queue. 

• zombie - The process lerminuW, and the parent is not 
watting. 

• 1 = tea ‘1 he procese i s stripped- 

PKI 

The priority of the process- 

MICE 

The value used in priority computation. 

TIME 

The cumulative execution Lime for the process- 

CPU 

The percentage d%receiit CPU lime used by the process- 

PROCESS/Nt-VJP 

The namifef the process .iilhenumber of lightweight processes 
(LWFs'j iilUte pro^a. % 

-^-- 


Note -rThe ko&mel many apphcations are n#iv multithreaded. A 
threadis'alo^l^ sequence ofpr#g*>am instructions written to accomplish 
a particular task. Each application thread is independently scheduled to 
pxx\ on anLWP, which funotions asa virtual CPU. LWFs in turn/ are 
attached to kernel threads, which are scheduled to run #n actual CPUs. 


Note - Use the pziicntl (U command to assign processes to # priority 
class and to manage proems priorities. Hie nice<2) command is #nly 
supported for backward compatibility t« previous Solaris OE releases. 

The priocntl coiiumind pr vides inure flexibilit in managing processes. 
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Tabic 14^2 shows the options for the pcsbaL camircnvL 


Table 14-2 Options- for the pr^tAJt Command 


Option 

Description 

-a 

Displays separate reports about pnx'esyes and usoin 
nithesanoe time. 

-c 

Continuous ly printa new r parts below previous 
roporla. 

-n TTproc 

Restricts Hie number of output l ines. 

pictiisr 

Reports only on processes that have a PiD in the 
given list. 

-e xey 

iiorte output tines by ^yin descending order The 
five posable keys indude: OTU,Cira& fliuc. m.and 
pr ^ Vow can use ortly one key al a time. 

-5 l££?y 

s ort* output lines by ^.yin ascending ocdiir 

-t 

Reports rntri] usage summfuy tor each user 

u euiii^ict 

1 • 

Reports only processes thaihave^m effective user ID 
(1 L l[>j in the given list. **:■ 

-U lll-cj2j.sC, 

' \!p ’ ' : : '''^i £ 

Report* only processes- that have a real UTD in the 
ftivcih list. yi 

',L_ ... .11 




5MU.. 

'Ma 


\ 


\ 




% 

■^tSC 
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Viewing System Processes 


Using the Solaris Management Console Process Tool 

The Solaris Management Console provides a tool for monitoring tind 
managing system processes. Y#u the Process Tool by clicking Thi s 
Computer, and then clicking System Status. Then dick Process, 

Figure 14-4 shows the Solaris Management Console Process Tool. 



' i-« 

. odLjcDvv^-iadsL.....-.-■.— 


: I 





Figure 14-4 Solaris Management Console - Pruceas Tool window 
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View ing S ystem Pr ocesses 


From the Vtmrtxsz Tool, you can <Jo the tallowing; 

• Suspend a pffOCeBB. To do this, dick die process name,, and choose 
Suspend from the Action menu. 

• Resume running t> suspended process. To do this, click the process 

name, and chooi* Resume from the Actum menu 

• KID (dc]e4«j a process. To do thi& <Jjck the process name, and choose 
Delete fr#m the Edit menu- 

• Display mon> information about a process. To do this, click the 
process name, and choose Properties from the Action menu. 

• Refresh the main window view. To d o this, cho#se Refresh from the 
View menu. 



mm * 
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Clearing Frozen Processes 


Clearing Frozen Processes 

You use the kill command or the pkill command to send a signal t* 
•ne or more running processes. You would typically use these commands 
to terminate or clear an unwanted process. 


Using the kill and pkill Commands 


You use the kill ox pkill commands to terminate one or more processes. 



The format for the kill command is: 
kill -sizTvZil FID 

III 

. & 

The format for the pkiJ. I cu 
pkH IJ -signal t'rmcess 

iefore you cai^erminato you must know its name or PIP. Use 

either the ps of rep command to l«cate the Pip f#r the procey^. 

The following mm the command to locate the PIP for 

Iho :nai 1 processes. 

$ -1 Mil 

1.->1 s^ncvjvail 
12047 agnail 

a W:* 

•> 

$ pkill dtmail 


% 


The following examples use the ps and pkill commands to loea be and 
: dtraail process. 


# [grep mail 

314 ? 0:0 0 ser.drtv&il 

1197 ? 0:01 dtxiai I 

# kill 1197 


To terminate more than «nc process at the same time, use the following 
s}mtax: 

$ kill signal FID FID FID PID 

$ pkill signsj prnosas proceed 
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Clearing Processes 


You use the kill command without a signal cai the command line I o $end 
the default Signal .5 to the poxe^. This signal usually causes the process 
to terminate. 


Table J4-3 shews sonii 1 signals and names. 


Table 14-3 Pnxvsn Signal Numbers and Names 


SignaJ Number 

Signal Name 

Event 

Default 

Action 

1 

' 3 IGHUF 

Hangup 

l-xit 

•T 

£t 

sugim 1 

Interrupt 

Edt 

9 

STGKILL 

Kill 

Exit 

li 

1 gjGTTFSW 

' -J 

Terminate 

Exit 


• 1, snean? A liangup signal t» cause a telephone line or terminal 
cunncrtan to be dropped- Fo r retain d aemre^ such as iae-^d nod 
_r_.narked, a hangup serial will cause thedaiwiun to reread its 
configurat ion file. 

• 2 , SIG TNT - An interrupt sijjrtai frm m y #ur keyboard —-usually f torn a 
Control -C key combination. 


jf - 9 r siQKitL*- A signal to kill a process. JK process cannot ignom this 

signal. 

'S' • f 

« T& siGTEEtf - A signal to terminate a process in an orderly manner 
Some precedes ignore this *igmcd. 


|A complete list O?sigruds that the kill command can send can be found 
by executing the command kill - T -, or by referring to the man page hr 
agMI? 


# nan -s3^Md signal 


Some pccxvsses can be written to ignore Signal 15. Processes that do not 
respond to a Signal 15 can be terminated by farce by using Signal 9 with 
the kil l or pXill commands You use the following syntax: 

$ kill -9 FID 
$ ©kill -9 process 
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Clearing Frozen Processes 



Caution - Use the Itill 9 or pk til -9 command as a last resort to 
terminate a process. Using ihc -9 signal on a process that controls a 
datal-vase application «r a program the - it updates files can be disastrous. 
Hie process is terminated instantly with no opportunity im perform <m 
orderly shutdown. 


Performing a Remote Login 


When a workstation is not responding to y«ur keyboard or m+use input, 
the CBE might be frozi>n. [n suchc^ses, yon maybe able to remotely 
accoss your workstation by using tlie rlo^in command or by itting the 
telnet ommand from another system. 


Killing the Procsss for a Frozen Logfi 


After you are connected rcin«tcly to your system, you can invoke the 
pkill command^to torminat^^ie corrupted session on your workstation. 

In tlie fallowing'tfxntnples, the ^cgin command is us^t to l«g in In 
5:^542, fiom whfci|yQU can issue a bkild. or a-kill command. 



S rlosrin eya42 

P3 F 5WO-d : Bn tJ’Fa SSWpxd 

■Last login: Mon "nn l.:l 10:11:56 freer. ^yc43 
Sun MicrqjsvEtems Inc + S^-OS 5.9 B~$= May 20C2 

$ pkill Xaun 

or 


£ 'W 5 ? 

• Sa % 


< 


375 ? 0:03 2Lsur? -- V 

S kill -9 379 
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Scheduling an Automatic One-Time Execution of a Command 


Scheduling an Automatic One-Time Execution of a 
Command 


Use die a t command to automatically execn e a j«b only «nce at a 
Specified time. 


Using the at Command 

The format for the ar comrnand ts: 

at -7^-c ri/ue 

at -r ja>? 
nt -1 

Table 144 shows the opttons you van use to imtruct the Cro process on 

how to execu an at i#b. 

' y 

Table 14-4 C>ptium^for the at Command > 


Option 

^ ■ -- ms- —-n 

Description 

-IT- 

Sends mail to the user after the job hai? finished 

- 0jb 

Removna scheduled at job from the queue 


Specifics n specific queue 

time 11 

Specifies a time km the command to execute 

: 

K**purfe all job* ^ iwduled for Ihe in\i4dng user 

date .. 

■ : HI? 

■i 

Sped fie? an opl iona 1 d ate for the command to execute, ' 
which is cither a m«nth name followed by a ciay 
number or a day rtf the week 


t<M2 


Inteimediate System Admrn ^raf'ionfdrhe Solaris** 1 9 QpeiatfrtQ Environ men; 

roc^pt 201*3 am MCAWto#fT^lnc.^a ReWfiA^ 




































Scheduling an Automatic One- \ ime Execution of a Command 


For exa mple, to create an at job to mo. at 9:00 p,m. to l#cate and delete 
ccr 6 tiles from us r 2 's home directory, perform the otmmand: 

if at 9i00 pro 

a:>find /e^>ort/lic«\®/iiS6r2 ub>p core -e^tec «n O 
a t > cGontr ol-D> 

cemrands T /;ill kQ executed u*ing /sbin/sh 
jck 1016075400,a ac Wed war 13 21sC0:00 2002 

To display information about the execution times of jobs, perform the 
command: 

i at -1 1016076400.& 

1C1607340C.a Wed Mar 13 21:00:00 2002 


To display the jobs queue to run at spt^fied times by vhronologi'cal 
•rd«r of execution, perform the command: 


ft ata 




Rajik 

Fx-=^ution Date Owner 

Job rai e 

Job Nane 

IsL 

Zter 13 . 2002 2'l ; 0C rooc 

10l607i|fc.| a 

tttdiri 

2nd 

Max 13, 2002 21: Of root 

| i$lbD7&M.« a 

stair. 

3rd. 

I4nr 1.1 2002 21 ; ifey root 

1 iiE607^)Sd* a 

stain 



: W 



To view all the at jobs Currently scheduled mth£ queue, perform the 


command: 




- 



# le - 

-1 /vax/flpcxjl/crQn/dtjQha%. 



-r-Sr- 

—r — 1 root Qtb^i- ||| 

p 13 13:08 lC16078400.a 

-r-Sr 

r ^ 1 .rmmt. dfcher 

913 ?lat 13 13:0S lC1607*7:'0.a 

- r - S v ’ - 

-r— 1 rool- ether 

385 Var 13 13:03 1016075000.a 


You fan ;dso use the at 

omnwxd to remove a job front the at ^u*ue. 


For exampfe, to remove job 1016076400 .a from the at 

queue, perform 


the command; 



# at - 

r 10160764OO.a 



w atq 




Rank 

Zxecuti#:: Date Owner 

Job Queue; 

Job Narr^f 

Is: 

Mar 13, 20C2 21:05 raat 

1016078700,a. a 

stdin 

2nd 

Mnr- 13, 20C2 21:10 root 

1016075000.a a 

stdin 
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Scheduling an Automatic One-Time Executi on of a Co mmand 


Controlling Access to the at Command 

As the zw*t uset you control who has access t# the at command with the 
aL. deny and at« allow files. 


The /etc/cron .d/at .denyFile 


Bv default, the Solaris OH includes die /'at-.c/crtn,d/at .deny file, This 
file identifies user* who ft re prohibited from using the at command. The 
file format is one user n<mieper line. The tile initially aanLiing: 


da=nign 

bin 

aicfcp 

nuxicp 

listen 

rLcbcsdy 

Q 



A urer who is d^nifd access to die.at c#acnand receives tin- following 
message whrn atflbptll^g lo u^e thtf command: 


aL: y*u are net a^Lhsirized to 


at. 



the /etc/crox.. d/ at ,d^rry file exist^but is empty, then all 
logged-in uacra acc^6£ die tit command; 

% ".¥• Jjf*: 

The /etc/eron >■£/&- .aJicftf File 

& 

K ‘"‘ Sie Mtd^crin.d/ac .allav; file does not exist by defaults so all users 

those listed in the /etc/cren.d/a- -deny hie) can create at job*, 
thtr /«tc/crgr*.d/3^ .allawfik, you create a Hst of only tho*e 
users who are allows I to execute at commands- 


The /ezc/cror .d/at« allcv file consists af user names, oeve per line. 

The interaction between the at .alio* * and the at. deny files fallow* 
these iule»: 

a If the £it. a b\v file exists, only the users listed in diis file eftn 
execute so. commands. 

* If die aLtallcv; file does not exist, cill users, except for users lifted in 
the at .dc.*ly file, uin execute aL commands. 

• If neither file exists, only the rccc user can useIhe at coauvumd. 
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Scheduling an Automatic Recurring Execution of a Command 


Scheduling an Automatic Recurring Execution of a 
Command 


You can use the crcn facility to schedule regularly recurring commands. 
Users can submit a command tu the crcn facility by modifying tlieir 
crvr.taJo file. 

All croncab files arc. mi intained in the /var/spocl/cr#r./cr#ntaJ ^5 
directory and are stored as the login na of the user that created the 
cron job. 

The cror. daemon is esponsiblc for scheduling e nd running tliese jobs. 




Note - J'he clock daemon, cron, starts at isMem boot and runs 
continuously in the background. . |§| 


W 


Introducing the cr»nta]» Fj|e Format 


% 


A cr*ntab file consists of lines of six fields each. The fields are separated 
by pr labs. Th« first fev# fields provide the date and time the 

eoitfJi&AiKt be schedukd/The last field is die full path k> the 
command. % 


Note - If die command field contains a percent (%) character, then att 
subsequent cha acters are passed to the commend as standard in put. 
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Sche duli ng an Automa tic R ecurrfng E xecuti on of a Com mand 


Th&e first fh^e fiold^ are separated by spores and indicate \%*hen the 
command will be executed. See Figure 1-1-5, 
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Scheduling an Automatic Recurring Execution o t a Commend 


The first five Bdbds follow I he i+nmat mies shown in Table 14*5. 


Table 14-5 Rules for the croncAb Fields 


Value 

Rule 

Example 

E 

Matches if field value is:: 

As Rhovn in the preceding figure for 
hour or minute, a 3 or 10 

H,JW 

Matches if field valm \h n, iz, or _y 

Every 10 minutes would ht* 
represented by 0,10,20,3040,50 

n-p 

Matches it’ field has values between n 
and _»inclusive 

The hours between 1:00 sun. and 

4:00 a.m. would be nepr^nentecl by 1-1 

1 i 

Matches all legal v.iluv^ 

As in t e p seeding example for lUv 
month, representing every month 


Using the crontabCommand 


1 he crw.tab enmraand enibw the user * view, edit, or remove a 
cr«r.t=ib file. 


Viewing a crantab File 

To view the content?* of the root cicah^l file, run the crontab -1 
\ as Lhi> root user. ^ 

# crontab - 1 ' 

ItiAanH JJ, JU2Q Ql/11^06 SMI" 

# The root crantab be used zo perfom accounting oata collection - 

4 

# lfee rtc ctEBivi io rvr to ad I) use chj© real clock if ar»d when 

# daylight savings tine changaa. 


i 

10 3 * * * /usx/sbir./iogacfci 

15 3 * * 0 /usr/2ilj/fs/ii£s/nC*f*nd 

1 2 * * ^ i -Tv /usr/sfcia/rtc &L /uer/e^iji/rtc -c > /dev/null 2>&- 
3D 3 ^ ^ I -x /usr/ lib/gsa/gascreh^cleaji ] kk 

/i^r/li.b/gs-/gs*cr-=?dL_c I ear 

#10 3 * * ’ /"sr/lib/krb5/)^rop_Bcript_,sJ3ve_'<dcs._ 
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Scali ng an Automat e He cufringjxe cution of a Command 


This is the same command that users run to view the •onlents of their 
own ersotab file. 

As the r«ot u&ec, you can view' the contents of any regular user's 
erontafc file by performing the command! 

# cremtah -1 usy»rna^ 


Editing a crontab File 


To treble or edit a crontab Jile^ follow these steps; 


1 Check that the EDITOR variable is set to the edi£ir on wont to list. 
This instiucts thi> crcn utility which editor to iise to open thi* file. 

^ EDlTOR=vl 
# ea&axrt EDITOR 


2_ Run the following crx*:tak cixnmand t# open your cronCad &]e r 
and add the appiopriate entry. 


# am tat 

30 1? - * 

iVKZ 


Aisr/bin/ferser "Ti/nw to go! 

TO 


> ■' dapr/twisole 



Note -Ef the users do not redirect die^fondard output and standard error 
of^^^-comnwid^ En the cr«nc£klile, ^i^geiierated output or errors 
decbncmically to the i*ser. 

—■- ftjft VMf ■ ■ HW- J - - 7 -- - _ 

"' ■ ® ira!:-! ■ 

Removing a crontab File 


HH'ii 

Tlfelifwf way to remove a crontab file is to invoke the command: 
4 errot-ab -r usersare 


Typical users ca n fmxn^ only the Lr own exentab file. The root user can 
delete Hny user 's crontab file. 



Caution - If you accidently enter the er«LXtabo*mmand on theconunnnd 
line without an op lion { J, -e, -repress the inte m>pt fce\*$ ControbC to 
exit l>o not pre9S Control-]}; this action overwrites the existing crontrib 
file with an empty file. 
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Scheduling an Automatic Recurring Execution of a Comman«l 


Controlling Access to the crontai Command 


Yon can control access to the crontah command with two files in the 
/e"c/cron.«l directory—the cr»r..-deny file and the ozon. alley* file. 

Ihese files permit only specified users to perform crontaJ* tasks, such as 
creating, editing, displaying, or removing their own CrCnced* files. 


The /etc/cr«n. d/cron. deny File 


The Solaris OE provides a default crcn. iLmiy file. Tire file consists of a list 
of user names, one per line, of the users who are not allowed to use cr«r.. 
lire following is an example of the contents of a cron deny flic: 


ctaenon 

bin 

nuuqp 
li.^Len 
nocoav 
noacc ec.A 

^ ' ■' .j 

The /etc / cron, d/cro^-Ya 1 low File 




The /cMn.d/t^cn.id 'M™ file dons noi exist by default, Sv all users 

{except those listed in fhe exon. deny file) can access dreir crcncab file. By 
crrali&g a gr^i.allowWb, you.can list only those users who can access 
IBnl® cominands. ,f\ 


Ihe file consists of a list of user names, one per line. 

■ r lit 

Ihe interaction between the cron .allow and tire cron, d^ny files follows 
these rules: 


• If dre crcn.dJ.loi^ file exists, only the users listed in this file win 
create, edit, display, or renrovc crontJLb files. 

• If the cron.iLllon^file does not exist, all users, except for users listed 
in the cron.deny file, can create, edit, display, or remove crunr^b 
files. 

• If neither file exists, only dre root user can mn tire cr^itab 
command. 
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14-2# 


Using the Solaris™ Management Console Job 
Scheduler Tool 

Thu Solans™ Manngenu-nt Console contains a Scheduled Jobs tool to 
create and schedule jobs on your system. Us^rs can manage jobs it the 
following conditions exist: 

• Their user j«mc appears m the /etc/crun_a/cror..Allow file. 

m The&r user name does not appear in the /ctc/crti<n.d/cro«:. cxerr-' 
file. 

• The /^tc/cron, d/cron.dll^ and /eze/cron,d/cron. den^files 
do not exist, and You arc the root user- 


To open the Job Scheduler fivm the Solaris Management Con&olo, click 
This Computer and then dick Service, and finally click Scheduled Jobs. 


Sec Figure 14-6 f»r an 
Scheduler window. 


mpJe of he Solaris Management Console job 


• V v 


^*]^wdr*i3 

Tim ^Iivs.: 


■ “ 

. . T r _ !: f'4 j.e '*■■-.*■ *-t\ 

'"■* L* 4^ +_ w fc* «,p 

i i 1 Wp 

t ;; 

Mgk-2:: * 



to 


W k #IMK-l W' 

t- r ‘ ^ ■ «*»*>•-* I 

4. h JL^j 1 

t % •■ ■■ 

r- If! , I r 

■p -14 .■ r,fc ii j’ 3 I Jir.ilf' 
# ’irwir-j 


-- 

SB 


IP”!.. 


.itessiii 

: . l^jrtiiu 

1i#4* :■ : j 

j^ri.rn 

■ « i. 

I’htu.’i Ml iVi-jrTWD*- ml 


•irtTnin-.j: 

: X6- Lt_:’4 

vw^mfinsrii 

Iplliiw^ii] n-ej/ 

lilfew, aw 


‘.Hi 

yiartfln<*V* 

' i'rt MVtfM’CY-] ml 

nsii 1 -: *i *t,M 

| 

■ & ' IE " 

lUrtlJfMHi 

1 - . .i-jib-n i»- 

III Hi >1 4- 

til 3. 


•Tto |> il 1 ^K 

I pfeipq i r-i* 

liltfj *jJH.» 

NnujiJuaii 

fijfrgjb'H 

r.iih >:hwm 

r4,.ibi|i S i-: m ri x 

fiairl *-i i 


Wm ni 

r.tit,gbpM-l 

ii>!|^fti|i r|,-ifi f 

r.ujjj 



j>Kjyri.i iifmi i..to 


fnhiih. 1 . in F uta JJ ruJ^rrtUH^-Trfl- H|J! i l b > UL r li axt lalsnwie: ii'tm np»- *<■ u ' .a -.U-.J-a 



Figure 14-6 Sob™ Management Console - job Scheduler Window 
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Scheming an Automatic Recurring Execution ol & Command 


You can us* the job Scheduler to; 

• View and modify job properties 

Select the name of the job in the view pane, and choose Properties 
from the Action menu. 

t Delete a job 

Select the job name and choose Pelete from the Edit menu.Ihe root 
user can dele be all jobs* Users can only view and delete their own 
jobs. 

• Add o scheduled job 

•■i*ose Add Scheduled Job on the Action menu. 

v 

• Enable and disable job logging, and *et search pathy 
Ch#«se Scheduled Job Policies on jpe Action menu. 

A 1 



— f 'Tm 
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Performing the Exercises 


Performing the Exercises 


You have the oplion io complete any One of three versions *f a loib. lb 

dea de which to choose, consult the following d^sciiptiens of the levels; 

• Level 1 - This version of the lab provides the least aniaunt af 

guidance. Each buliett>d paragraph provides a task description, but 
voumusl determine y#ur awn way uf accomplishing each task, 

a Level 2 This version of the Jcib provides more guidance, Allhough 
each slop describes what you shauid da, van must determine lho 
commands (and options) to input. 

a Ltn r d 3 - This version of the lab is the easiest to accampltsh because 
each step provides exactly wliat you .should input to the system. This 
level aJso includes the task soludans for albjhree levels. 







* 



\ j 
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Exercise: Using Pr«»essContr#l (Level 1) 


Exercise: Using Process Control (Level 1) 


In this exercise, you use the Process To*l the prstat comnwnd to 
monitor and kill processes. You create an at job and create an entry in u 
cron tab tile. 


Preparation 


Refer to the lecture notes as necessary to perform the tasks listed 


Tasks 


Complete the f •Having ta*ks: 

• Start the Process T—\. Rim the orstat •ommaivd in a window. In a 
separate window, run the find / command. Make n*te of die CPU 
percentages for the find command, as displayed by the erst at 
command and the Process Tool. Open a third window, and identify 
the PID o|.the shell ninning,in it Uae the Process Tool t# sh*w the 
Ancestry of lhe shell proce^k Usetlie Process Tool to kill the shell 
pr#c'e$$. Use the Proems T*ol t* send the T3RM signal t* the prstat 



di&pLfji' me current time of day. Submit an at j*b that echoes Test 
to y*ur current window. Have the j*b run five minutes 
Vu t rent time, and submit it to the queue called x. Display 


the.at job in the queue. 


(Steps 7-10 in the Level 2 lab) 

• Set the 1GITDR variable to vi. Use the ertntab command t* 

determine when the logadm process is Scheduled to run. Use the 
crontab command to edit the crontab tile for the rmmt user. A4d <m 
entry that sen4s the message It v/ork£ ! io your current window" 
five minutes from die current time. 

(Steps 11 14 in die Level 2 lab) 
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Exercise: Using Pro c ess Con tr ol (Leve l 2 ) 


Exercise: Using Process Control (Level 2) 


In this exorcise, tou use the Process Tool and the pxstat command k> 
mom'tor and kill processes. You create an at job and cnrate an entry in a 
crci.Lob hie. 


Preparation 


Kefer to (he lectun* notes as nece«i»ai>‘ io perform lhe tasks listed. 



Task Summary 



in this excise,, you aernmp]! 4 ^ the idfktwmjg 

• Start die Process Toal Run the prstat command in a window, in a 
separate window, run the £/ combin'd. Make note oRhe CPU 
percentages for the find command/ as d£played by the pra-=9~ 
cifliunand and the IVucess Tool. Open a third windo^V and identify 
the PID of the shell running Use Frcxesc^ lool to show the 
ancestry of the shell process. Use the Ptx)ce^ >To«l io kilt the shell 
process. Usje the Pn»ces$ Tool to *er»d the TOftl signal tv the prsc^c 

Exit the TVcxsa** loot when you are Gni<*hed. 

• ld«SUfy Hit 1 de\nce as^ociaj^d with your current terminal, ^nd 

diypfeffethe current time of day* Submi t an at job that echoes 7ast 
CdT^Lere to your current window. Have the job run five minutes 
from the current time, and submit it to the queue calltni x, Display 
ihe Io die queue. 

• Set variable fc> vi. Use the command to 

detamina when the p*>oess is schi?duled to run. Use die 

cror.tcLb coinmand io cd il the crontajt file for the root user. Add .on 
entry that sends the message ic works! to your current window' 

five minulea from the cujrent time. 
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Exercise Usm§ Pfrosts Control (Level 2) 


Tasks 


Complete die follow oig steps: 


1 . 


2 . 


3. 


4 

5, 

m 





8 

9. 

10 


Log in aS the roor user and open a terminal window. Start the 
Process Tool either by selecting the Find Process option from the 
Front Pond TooIb menu in CDE or by invoking die appropriate 
command from the command line. 

In the Process Idol display, s*rt die listing according to CPlW/ and 
change the sample time lo five seconds. 

Open a second terminal window, and run the prstat command. 

Position the Process T«ol and the winci^in whkh the prs-tac 
command is nmning so tftiat you can observe both simultaneously. In 
an avaiLible run the find «ju\rnand to list nil files on y#ur 

system. Observe how the Process Tool and thepr^tiit command 
display statistics fur the £Lnd command. 

What Is the maximum percentage of aerau CPU time u^ed by the 
find command astit executes? |= ]p 

Open a third terminal ^ f«do w r and run Lha p a -r ymmond to 
determine the PID of the shell. Fecord thePlQ,you find. 

In the Process Tool locate -ihd select the shell process you identified 
in the previous step. Solemn the Sh^lAncestry option from the 
Proces^henu ixi the Proems IbUjL^Attiat is the no me and PID of iho 
first proCUBB teled? ^ 

Ck - #*- the Show Ancestry window. Again, select the shell process you 
identified in Step 4. From the Process menu in the Process Tool, 
sde$%ie Kill option, Wlvtt happens? 

In the Process Tool/ use the Find function to l+cate the pret-at 
process Seletl the Signal option from the Fro«^ menu. In the Signal 
fill-in field, enter the ‘ASK* signal, and dick tK What happens to the 
prstat pnxvsfc? Qose the PninK Tod when you are finished. 

ldoitify the device associated with your current tectnind by uying 
the tty command, and display the current time of day 

Submit an at job that echoes T 1 - 5 - Ccsrplete to vour current 
window. Have the job run five minutes from the current tim^ and 
submit il to the queue called x 

Display the «L job in the queue. 
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Exerciae: Using Process Control (Level 2) 


It. Open a new wirxJow and s d und export the E) l r ?CR environment 

variable to use the vi editor to edit cron tab flies. 

1 1 you ere using the ^•uiTie or Korn sheila perform the command: 

# ETffTCffi-vi 
h export EDITOR 

If you are usinfc the C shell perform the command: 

$ sit«nv roiTOR vi 

12. Use the crontafr command to view the current cronteC? file f or the 
root user- 

13. When is the logactiproc^ scheduled to run? 

14. Use the crprtab command to edit the crpntab file /or the ro*t 
user. Add <m entry that send# the message It Mgkaj to your 
current window five minute# from now. For * xaappiejp the current 
time is 10 J _25, iriake an entry in your cr*ntab file kr the\3#tb minute 
of the same hour. 

Save the file, and quit the vi-*di‘t sessjorn In about Jh^pinutw, yu 
should sec tJv* result in vour window, 

1 : 




% " 

m, ft. 

*| 

wv\ 

C 

% 
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E*e/qise: Usiing Process Control (Level 3) 


Exercise: Using Process Control (Level 3) 

In this exercise, you UtfC ihe Precise Tool and the prstat command to 
monitor and ki]l processes. You create an at job and create an entry in a 
czrpr.tab file. 


Preparation 

Refer to the lecture notes as necessary to perform the tasks listed. 



Task Summary 


In this; exercise, you accomplish the foltbv 

m SLirt the Process TooL Run the m a window. In a 

separate* window- run the Iir_d Make note of the CPU 

penvnhig^i fur the Zxo* cocnmDrxi as dismayed by the prstvo t 
oommandbind the Process Tool Open a third window, and identify 
the PIDofthe abell miming :n it. U»c the Process Tool to show the 
ancestn of the hhelLfsnxess, Use the Process Tool to kill the shell 
process.. Lik> the Froceas Toai.to send the term signal to the piatat 
prwess. Exit the Process Tool vvhert^tni aie finished. 


• lcic-ntify tho device associated your current terminal, ai*d 

display the current time of day. Submit an at job that echoes Test 
Ccxnple<L* lo your cujTent window Have the job run five minute 
from thucurmnt time, and submit it to the queue culled x. Display 
tlie At job in the queue. 


• Set the ECITOR variable to vi. Use the ezrontab cvmmand to 

determine when the process is sctieduled to run. Use Ihe 

crontab command to edit the crcncac hie for the root user. Add an 
entry that sends the message it wr T *s! to your current windivw 
five minules from the current time. 
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Exercise-: Using Process Control (Level 3) 


Tasks and Solutions 


Complete the following slcps: 

1. Log in as the ro*t user, nnd open a terminal window. Start the 
Piocess Teol eitlier by selecting the Find Ptuceas option from the 
Front Panel Toels menu in CDE or by Invoking the appropriate 
coitunanil from the command line. 

# /uer/dt/biji/Bdtproce«« & 


i parscac 


* find y 


a ps 


In the Process Tool display, sort the listing according tv CPUand 
change the sample time to five secands- 

2. Open a second terminal window, and ran the pnscac cummand 

3. Position tto Process T««l and Ihe window in which the prstat 
comnv\nd is running so that you «bserve both simultaneously. In 
an available ivindow, run the fi^c«mmand lo listen files mx your 
system, Ohserv;e henv the IjtoCBSH Tool and the prstat command 
display etatisJliftfar the find command, 

Whnl is the maximum percentage at recent CPU ticnc used by the 
find a^nmand as it executes? 

Thuf mm's according to y$ur system ouffi&frdtion Sonic systems might 
display mlucs hi thti^Q-percent magi’. 

4: Open a third terminMwihdow, and run the ps command to 

detwmin*' the PJD of the shell. Record the PIP you find. 



Your wfnc opyeors here. 

'*V 

In the Proce$& Tool, locate and select the shell process you identified 
in th* previous step. Select the Show .Ancestry option from the 
Proi fc* menu in the Proceed To#L is the name and PIB of the 
first process listed? 

7 'In 1 PIO vffrfc& sifsfems running theCWE, the first process listed 
slt&uld bi • /uz-r/d^/bir^dtl o^rin. 


6 Ouse the Stow Ancestry window. Again, select the shell process yxiu 
tdcnlilied in Step 4, From the fVooes menu in die Process To»h 
sdccl the Kill •ptfan. What happens? 

The process sitps, and the window iu> longer appears. 
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Exercise: Using Process Control (Level 3) 


7. fn the Piuceys T 1, use the Find /unction to locate the prstat 

process. Select the Signal op dsn from the Process menu. In the Signal 
fill-in field/enter the TERM signal, and cfick OK. VVhat happens to the 
prstat pr cess? Clsse die Process T#oJ when you are finishcd. 

The pr&tat process terminates, mui the prompt appears in Lhe wituitxv in 
zohich it ran. 


ft, Identify tlie device associated with your Current terminal by using 
the tty command, and display the current time of day. 

# tty 

(.somethin? like /dev/pts/4 should appear 

# clace 

(current date/i:iiir.e appears) 

9- Submit an at i«b that echoes T^z Cc™P]et.e to your current 

window. Hav^e the ]mb run five minutes from the current time; and 
submit it to the queue called m 

# at —q x Vj;3G y 

at> echo "Test Ocwipiete ir > /d^v/pta/# •! n i dll^rciri the tty c«rrimn4;' 

n t > ’ xOomt rol-I» 

cdrrrends will be c^cut^d uning /*bfn/eh £ 

jcb $b$16340C,x at t*ri May 12 13:30:00 2000 

# 


t* at<i 


It. Bisplay Ihc Fit job in the queue. 


gffifiSfiSasafo 

11^* ©pen a window £nd sci and expert the KDITfR environment 
%iiable lb use the vi editepr-to edit cront&b files. 


I|,youaie usin^ the Bourne «r Korn shell, perform the command: 


w ECl'PQp^vi 
•i EDITOR 


If y&U Aitt- using the C shell, perf rm die command: 


It setPttv EDITOR vi 


12. Use tlie croncab command tm view the current crontab file f*r the 
rccr user, 

V- Crontab -1 

13. When is die loga. dn process scheduled to run? 

Ten minutes afiiv 5:00 tun. ov nil days 
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Exercise: Usin«| Process Control (Level 3) 


14. Use the crontafc —mroand to edit the erontafr hie iOr the root 
user. Add an entry that sends ihe Tt \*orke ! to >-»ur 

current window five minutes from now. l ; or example/ if tlie current 
time is ll:25, m&kc an entry in your er«ntaJD file for the Sfth minute 
of the sarcv hour. 


it tty 

/dev/£t£/* 

^ data 

?TJU *W11 10:25:14 POT 2000 
w crOnt^b -• 

/W*/ /he/o/,Ww£ tfte o#mx t time and terminal device: 

30 10 ^ * /^r/Jt>in/erhc “It vsczrte.' ' > /dev/pts/# 


Save the {ile> and quit the vi edit tess' 
should see the result in vour window 



In about five minutes, you 
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Exercise Summary 


Exercise Summary 

Discussion - Take a few minutes to discuss whdt experiences, issues, or 
discweries ymi had during the lab exercise. 

• Experience 

• Interpretations 

• Conclusions. 

• Applications 
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Module 15 


Performing File System Backups 


Objectives 


■■■> V 

Upon completion of this module, you should be able to: 

• Identify the fundamonla l £ of backups 

• Back up an unmounttvl file system 


The following cuun** map shew* hnwjihis module fils into live current 
jn.<Uructiunai goal. 

Performing System Backups and Restores 


FM Sy5*et§? 

Backup ^ Ml 

*■ '. ■■■ • ■ ■ ■ 

m 

Figure 15-1 Couise Map 
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I m r e ducin g the Fund a mentals o f Saqfap s 


Introducing the Fundamentals of Backups 


A crucial function mi system administration is to backup file systems, 
backup? safeguard against delta loss, damage, or corruption. Backup tapes 
are often referred lo as dump tapes. 


Importance of Routine File System Backups 


!• back up tile systems, you copy file systems to twiovable mediae such 
as a. tape. Y«u perform backups «n a regular basi$ to prevent loss of data 
due to: 

• Accidental deletion of files 



Hardware failures 


Problems wtlb reYnsUlLuTons or system upgrades 

Svntem crashes 

J 

System birak-ms bv unauthorized usas» c^nfr»mn ising data 
integrity 

Natural disiiisl^pb^ C*». 
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Introducing the Fundamentals of 0eickups 


Tape Media Types 


able 15-1 shows typ'ioal tap*? media Ihstyeu can uset# store file systems 
dunng the backup prices*;. Select media based on t]*e availability of 
equipment and your preference. 

Table 15-1 Tape Media Types 


Media Type- 

Capacity 

1/2-inch reel tape 

140 Mbytes (6250 bits per inch) 

1/4-inch cartridge (QIC) ; 
cartr.dge tape 

8 Gbytes 

H-mm cartridge Uipe 

40 Gbytes 

4-mm digital audio tape (DAT)- 
caitridgp tape 

24 Gtntes 

IX T° 1 /2-inch carl-ridge tape 

70 Gbytes 

LTGr* cartridge tape 

ic| Gbytes 


1- QIC t+nnch for quiftitw-oim fdjH* 2, DATstands far digital audio tape. 

3 DL tsUiufc lot distal linear t$pe< 4. Lfl* stands for linear tape •pen. 

,Q 

Th^ capacities in tJn^pble are appi*p%ii?tte. Tape capacity 7 increase'll with 
neiv technulu^v. Check Liu- cloi u mentation that comes wi th tl le tap* 
device tt&cktennine the capacity 


Tape Drive Naming 


m 


All tape drives have logical device names that you use io reference the 
device on the command line. Figure 15-2 shews the format that al. logical 
device names use^ 


/dev/xmt/An 

ill 


Logical tape number- 

Tape density (1, nr, h. c: : u) 
No rewind -- - 


Figure 15-2 Logical •evice Name Format 


1M 


Patfoiirirng. File System backups 

C<f^>airoSut MCrBlfSfcwifSrr. 



















































i ntroduc ing Ihg Fun da mental s oJ B ackup s 


The logical tape numbers in the tap* drivenames always start with 0. For 
example; 

• The fiisl instance of a tape drive: 

/ctev/unt/ C 

« The second instance of a tape drive: 

/ d^v/rrrc/1 

» Ihc third instance of a tape drive: 

/dev/r:flt/2 

Two optional parameters further dvfine the logical device name: 

• Tape density - Five values can l>e given in the tape device nan'ie: 

I (low), it (medium), h (high), c (c^mpressed^ or u (ultra 
compreas^J). 

• No rewind - The leltor n at the en$ of a Liptf devf oc nnrne indicates 
that the tripe should net t>e rewound when the current operation 


complete*. 


Tape densities depend on the f|pe drive. Check the .t^anufad urer'y 
documentation to detenu in rihe correct densities for tkc tape media. 

Inpe drives 1 hail support data •ompnwon contain internal hard wane thal 

jj^rfornv; ^ compression. Hardware compression uses, more space than 
the tfjftwar^rurnpi'ession you can achieve from the Solaris 1 * 1 Operating 
Environment I'Solpris OE) conpr^s cnmtnand, but compression is muc 
taster. If you hack up a software-*ji»ipiessed file with liardware 
•ompressiqiv the rejultanl Jllc Is larger in size. 
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Introducing th© FundamenlaJs of Backups 


Tape Drive Control 

You use the nt command (magnetic tape control) to send instruc tions to 
the tape drive. Not a I] hip* drives support all nt commands. 

The format for the ni“; c mnw>d is: 

itL -I dwirw-Jicsre ocms.^j uw. 

You use the -f option to specify the tape device name/ typically a 
no-newind device name* 

Using th« mt Command 

.ft. 

Table 15-2 lists some of the mt commands that you can use to control a 
magnetic 1 tape dr.ve. 

Table 15-2 Definitnatos of tr.L Commands 


Command 

Defialiiil 


Displays Stahls inioii&aijofi about the Tape drive 

rrx rewind 

Rewind* the tape 

mt c-tfij.no 

1 m 

Rewinds Ihr tape and r if appropriate, takes thar: drive 
unit offline and iJ|hfe hardware duppoita it unloads 

nt. t&i count 
i- 

Moves the tape forward -nunr records 


The fallowing mjuxmaiui por tions the tape at the beginning *f the third 
tope ttooord. 

1st -f /d»v/aot/0tn fsf 2 
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I ntrod ucin g I be f u ndamen tal s of Ba ckups 


Strategies for Scheduled Backups 

Ihe mostcoinnitKn method to schedule backups is to perform cumulative 
incremental backups daily. Thi's schedule if, recommended for most 
situations. 

lo SCI up a backup schedule, determines 




I'he file syntems to back up 
A backup device (fur example, tape driv^e) 

The number of tapes to use for the backup 
'[he type of backup (for example, full or incremental) 
The procedures for marking and storing tapes 
The time it bikes to pcrJonn a backup*! j; 


Determining File System Names toBack Up 

£ 

•ispkiy the contends of the /etc/vf $tab Me. Then view the 

mount joint. column to find the name of the file System dial you want to 

back up. 


Determining the Number of Tapes 

You th^Pnumber ot t^pe^for a^ackup according to the size of 

the fcie system you are backup up. 

dele inline the s:ze of the file system, use [he ufsctu:^ eonimand with 
the S option. Tho followiTvg are the cominand foimits; 

it ufccfciTip 

<rrjrxber 


or 

f 3s £±l*syztas 

<_nuj^er lGP»rted> 

The numeric option determines the appropriate dump level. The output b 
the estimated number of bytes that the system requires foe a eomplete 
backup. 
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Introducing the Fundamentals ol Backups 


Di\hde thi> reported bytes by the capacity of the tape to determine how 
Tti^iny tapes you need to backup the file system. 


Determining Back Up Frequency an«l Levefs 

You determine how o/ten and at what level to backup each file system. 
The level of a backup refers to the amount of information that is backed 

up*- 


Identifying Incremental and Full Back Ups 

You can perform a full backup or an incremental backup of a file system. 
A full backup is a complete file system backup. An incrcznflital backup 
copies only files in the filesystem dial have been added or modified since 
a previous lewerdevel backup. 


You use lump level 0 to perform a full backup. Yon-use Dump Levels 1 
through S> to sdicriiitotmTumental backups. The level nuntbeps have no 
meaning other than their relationship In a*ch other as a higher ow lower 
number. 

Figure 15-3 show*; ^example of a* fife svsbem backup performed in 
inciementnl It^els 



Flgu/c 15-3 Incremental lack Up Strategy 
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Intr oducing the Fundam entals «f Bac kups 



is-e 


Table 15*3 defines the elements of the incremental backup strategy shown 
in Figure 15-3. 


Table 15-3 Incremental Rack Up Level Definitions 


Level Example 

0 

(Fill)) 

1’vrformed once each mantlv 

1 

3 

Performed evrrv Monday. “3 hi* backup copies new nr modified 
hies since the lust lower-level backup (far example, CJ. 

4 

Performed every Tuesday, '['he backup copies new or modified 
llk^ ^inee the \ t v4 turner-lev el backup (far example, \)- 

3 

Performed every Wedm-sdAV "Ihe ackup copies new or 
modified file:? b nee the l^st lowcMcvfcl backup (for example, 

i). *" ||j' 

[£ 

Performed e very Thursday. I he backup copies new Or 
modified fi Vs *mce the last lower-level backup (for example, 

5). 

•&•. •• <& r? 

2 

i 

PerfomW eve^> Friday. The b^cSip copies new or modified 
files since the last lower-level backup, which is the Level 0 
backup a t the beginning; of the month. 

5 

Note - Many System administrator* use the crontah utili ty to start a 
script that runs the of ©dune command 
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Introducing the Fundamental of Backups 


The /etc/dunipcUtes File 


Tht* /ett:/dua^ddte5 file records backups if the -no tion Is used with 
the ufsdu-Tp command. Each line in the /etc/du-trpdates file shows the 
f:Ie system lhat was backed up and the level of the last backup. II also 
shows tlie day, the date, and the time of the backup 


The fallowing is an example /etc/durpcfetes fiir; 


■ cat: /etc/dta^dates 

/dev/rdsk/cCt2dfs6 • Fri Jan 4 19:12:27 2CC2 

.'dev.'rtlsk/cOt^dOsO 0 Fri Jan 4 20:44:02 2002 

/dev/rdBk/cOtOdOfi7 C tue VJxr 12 M;58;2E 2002 A 

/dev/rciak/c0 1 idCs7 1 Tua Mar 12 16:25:29 2002 



Whsi an incremental harku p i % f n-rformed, the ui edurp ccanmand 
cojvsuJfe the /otc/=^wdatec file. It looks fur the dale oi the ue*t 
lower-level backup. Then, the ufedurcc command copies tojhe backup 
media afl of the Cifchat modified •*a<|Jkd since of thitt 

lower-level backup. 

When the backup is owuplete* the /ott:)^urnpdaces file records anew 
entry that describes this backup Thenew entry replaces tlie oitiy fox the 
previous backup at that lew. 

You can view the /etcfile to determine if the system in 
completing backups. Wg. backupdo«s not complete because of equipment 
failure, the /^^c/ctjnpdaL=s file <!oes not record the backup. 


Note - When you are restoring an entire file system, check tlie 
/et^d'.JTpdate-S file fora list of the most recent dates and levels of 
backus. Use this list to determine which tapes are needed t# rcstoni the 
entire file system, The tapes should be physically marked with the dump 
level and date of the backup. 


Per farm jr>g Fiis System Backups 
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Ba cking U p an Unmounted File System 


Backing Up an Unmounted File System 


Cheek that the hie system is inactive, or unmounted, before you back Lh* 
system up. If the tile system is active, the output of the htUkupcan bo 
inrraxsistent and you could find it impossible to restore the files correctly. 

The ufsAijirp Command 

The standard Solans OE command for ufs- file system backups is 
/ usrstfXTC. 


file syRtftm. 



c 




:\ 
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Sacking u pan Unmounted Fite System 


Options for the ufsdunp Command 

Table 15-4 defines several common •ph'onb fox the if s£USt(p 


TabJe 15-4 Option? or the ufsdunp Command 



Option 

Description 


0-9 

Dock up love!. Level D is a full backup of Hie file yyaleip; 
Level a I through 9 are incremental backups of files- that - 
linvc changed since the hist lower-level backup. 


V 

Verify. After each tape is written, the system verifies the 
content oflho edia against the source file system. If any 
discrepancies occurs the syi^em p oxnpLs the operator to 
insert new media and repeal the process. Use ihi^ option 
only on an unmounted fife system. Any activity in (he file 
system causes the system to n-pcTt discrepance 


s 

Siae estimate- This upturn allows you to estimate the 
amount of space that will be needed on the lap* h> perform 
tfn* lev el of ackup you want. 


1 

Autoload. You use thi s option withinautoloading 

M 

p! 

*W % ■ jrfi 

& ^ n 

Of/liriu. When the backup is complete, the system Nkeft the 
d mv offline, rewinds the tape (if you use a tiipej. n mi., i f 
possibid, ejects the media. 

- & 

ft. 

\ life 

3 . ! rr . 

Update, the system c eates an entrv in the 
/etc/dii'^pdates file with the de dee name for the file 
tfYfttem disk slice, the backup level (f_ 3 ), and the date. El¬ 
an ntiy nlre dy exists for a ackup at the same level, the 
system replaces the entry . 


n 

Notify. The system sends messages to the terminals of nil 
king d-in u ers who are members of the sya grouP to 
indicate that the - f sduap command requires attention. 


= device 

Specify. l>i*- system specilits the device name of the file 
$y*t m backup. When you use the default tape device, 
/dev/rmt/l, you do not need the -t option. The system 
aaautnetji the default. 


Perfgi7n‘mg File System Gacfcups 
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Sacki ng Up a n U nmoun ted Fite S ystem 

Tap© Back Ups 


You use the ufsdurrp command to craite file system backups to Lipe The 
clump level {G-9) specified in the ufsduirp commnnd determines which 
files io bdek up. 

Using the -ufadunp Command 

Perform the following steps to u<3e the ufsdurrjs command to start a tape 
backup: 

1. become the ~o*L user to change the system to single-user mode, nnd 
unmount Lb* file systems 

it /uer/afiin/Shutdcrwn -Y -g300 "Systran is baing shut^Mi for backups 


£ ire c down Etartsd- 


mx 24 J*-i 200 W. £5T 


=>s« ttgLJati 24 
silnuL«|? & 


Broadcast Message: fr^nr. roet cn. 

The system host 1 will be shut aown in $ 

SysL«a is being 5cutd*n> far 

2. Verify that thf if^qi’-rT/hDruk fill,' system w^iinmounted with the 
shutdown comlfi&L If unmount it nwnu&iy. 


3L Check the integrity of the f% system data with the £ sc* cammiind, 
it fack ye^odrt/jfi^fw 

4. Perforin! £ t'ull (Level ti) backup of the /export/oicswe file system. 

v Ouf /dfirtr/not/0 /eg^Qit/hnet 

ufsduntp tu£ ,'export/r.»r\e 

•UWP: ' fcllo^£e recards 

Ccite of this x« 3 Lfl aurnp: Thu 24 Jan 2C02 #1;06:4~ Ft*! M2T 
Date ct fast iwel 0 di#rc- t^-e 

to /d.ev/ nt t /: h 


DUMP: 

DUMP: 

DUCT.- 

lUMPi 

IXJMP: 


Disrpins / km! rdsk/ At. [>d3s7 ttios c 1; /&<£> =rr / hews) 
Happing (i) .[reiiulrir files] 

Mappir-3 (Piusa ilj [directories- 
DUHF; 3stjjK>zi=& 1126 bloc's <563 fB>. 

DUMP: Butftpans {Paaa Til) [directories] 

MJXP: Dunplnf (page rtf- [rofuiar fi les] 

DUMP: Tape rewinding 

DUMP; 1036 blocht <543*3) cn 1 olunte at 1003 KB/aec 
DUMP: DUMP IS TOMS 

H17YP; Level 0 cnxop cn Thu 24 J±tl 2002' 01:06:47 PM MST 
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Backing Up an Unmounted File System 


Remote Backups to a Tape 

You can use the utgcium? command to perform *1 backup on <t remote tape 
device 

The format for the ufsauxe command is: 


ui s sunp opr. i am? rerco tshost 11 titp&devi aa f i 2 ways Heir; 


To perform remote backups across the network, the system with the tape 
drive must have an entry in its /, rh»s^s file for every system tlvat uses 
the tape drive. 

Usinfl th« ufsdunv Command 



The following example shows how to perform a full (Level §) backup of 
the /expcrc/rxn« file system on the hcszl system, to the ranote tape 
deviec on the ftoqH jystsm- 




ZTtJK^^ r Atiii:jy 27 KilcbyLtj rprords 

DUHP: D*te ot this lsve2 0 dU-*np: 'j.tll 24 J an & 0.1:13:55 PM K$T 
DtElP; E^te of Las- level - the IfelGch 

DJHP: /dev. rdfck/cOtDdOs? rh^stl; /exp*rt/bom 5 } to 

host2 i /ZfFTS&O^f'i G. 

DUK?; :-iippiog 4ttss i) [regular filjhsj 
1UMP; Mapping (Buss II) f directories) 

DUMP: E^tirnated 120 Mtik* (X6CLKR). 

IXMPr Hrr^u^ (Pass T±$ (directories) 

3UI5P: l^uoplfic , (Pa4r& IV) IrGgulai- filesl 
DUK?: Taps riHfivn^ing 

DUMP: 21$ blocks- *159KR! Oal 1 volume at 6^1 KB/^eC 
DU>fF: ETJMP IS 

DUMP: Lavei 0 durrp Or. 7 m 4 Jan 2007 nl l13:55 PH MS? 


Performing Fiie System backups 
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Pert o mi ing theE x ercises _ _ _ _ _ __ 

Performing the Exercises 

You lmvc! the option to complete any one of three versions of a lab, To 

decide which to choose, consult the foUoiviiyg description* of the levels: 

• Level l -This version of the lab provides the least amount 
guidant'e. Each bulleted paragraph provides u task det'Ciiptiom but 
you must determine your own way of accomplishing each taak. 

• Level 2 This version of the Irb piwides more guidance. Although 
each step describes i^vhat ym u should do, you must determine the 
commands (and options) to input. 

• Level 3 — This v*ision of the lab is the easiest to accomplish because 
each step provides exactly what you should input to the system. 7 his 
level also includes the task solutions for all three levels. 


4 
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Exercise: Backing Up a File System (Level t) 


Exercise: Backing Up a File System {Level 1) 

In this exercise, you hack op an available file system on your system. 


Preparation 


This exercise requirw a system that is eenfigured with a tape drive and n 
hie system that in available to unmount This exerdse assumes th*it the 
/ex^ort/hotrje file system exis.ts on a separate partition from the / (root} 
late s.vsleni and can bi> unmounted. Identify the slice on which the 
/exp #rb/hOTN5 file system resides. Get a tape that is appropriate for your 
system from the instructor, 

Tasks 

Complete the follcnv-ing ta*k£: 

• Use the command to rewind the tape to Hie beginning 

• Use the uf «dun^ cvmrnarid to creatfl a tape backup of the 
■•'e^port/hecne file system, Make sure thbHfte /^tc/dumpbinte* file 
is updated. 

|||| (Steps 1“4 ill the Level 2 lab) 

i * Add flfil and directories to the /^xp^rt/hone file system. 

(Steps 5-6 in the Level 2 lab) 

Use theufcid’^P command tedo an incremental backup of the 
/ ax|®$ihcjr)e file system. 

(Step* 7^9 in the Level 2 lab) 

• U sc the me comm and to remove the tape horn the tape drive. 

• Review the hte- 




(Steps 10-12 in the Level 2 lab) 


Performing File System Backup* 
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Exercise : Backing U p a File S ys tem (L evel 2) 


Exercise: Backing Up a File System (Level 2) 

In this oxwise, you brtok up an available file system on your system, 


Preparation 


This exercise requires a system that b configured with a tape drive »nd a 
file system that is available k> unmount. This exercise assumes tha t the 
/export/h^ne file system exists on a separate partition intim the / (root) 
file system and can be imrao unted. Identify the slice on which the 
yexport/hem^ file system resides. Get a tape that is appropriate lor your 
system riom the instrn tor. 

Task Summary 

In thj^ exercisL.\ you accdiirtpliyh. the lot I owing: 

• CVe the r±iwmrnct to rewind the tape to Ihe beginning. 

% 

• Use the comtnand to c rctte a tape backup of the 

/export/horre file svsienr^ 

• Add files and directories to the export file svstem. 

mm - | 

• Use ihe ufsdfci*# commsintjplo do an incremental backup of tlw 
^^port/hOEfte file system. 

iKJ the mt asnmand to remove the tape from the tape drive. 

Review the /etc/cun^3iAt^& file 

Complete the following steps 

1. Unmount the ^'export/hoM file system. If your system reports that 
tho /expo* ./honf file system i$ busy, use llu ; i \unounc -f command. 

Z. I nsert a tape into your tape dm**. 

3 Use the m t command to rewind the ta e to ihe beginning. 

4. Use. the aiiuira command io create a backup for the /esepor t /her te 
file system. Make sure that the /eec/«tuESXist®e tile is updated. 

5. Mount the /export/hctte file system. 





Tasks 
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Btercisa: Backing Up a File Sysiem (Level 2) 


6l Copy the contents oi the /etc/uucp dihertury to the /wcpcr-/ho« 
directory. 

7. Unmount the Tile system, 

8, Meve Die tape to the ne*l tape record. 

% Use the ufsduiifo c ommand to create an increments I backup /or ihe 
/expert/hcroe file system,, using a non-rewinding device. 

10. .Rewind and eject the tape from the tape drive. 

11. Set the tape aw de for Lise with subsequent labs. 

12. Review Che contents of the />"c/d--^daT:os file. 

13. Mount the /expert/Nan* file system. 



Performing Fife System 8ac*uP* 
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E xercise: B a cking Up a File Sy st em (Level 3) ___ 

Exercise: Backing Up a File System (Level 3) 

fn this exercise, you hack up a n available file system in your system, 


Preparation 

This exercise requires a system that is Configured with a tape drive and 
file system dial is av ailable to unmount. litis exercise assumes that the 
/ex»oi+./hctf\e file system exists *n a separate partition from the / (foot) 
file system and can be unmounted, ldentifv the dice on which the 
/expo* p a /housefile system resides. Get a tape that is appropriate tor your 
system from the instmetor. 


Task Summary 

In this exercise. you accomplish the following: 

• Csftf the zut command ip rewind the tape to the beginniitg- 

» Use the .command to cmiie a tape batffcup o( llie 

/expcrL/homt filesystem 

• Add files and cfirB£*>*ies to the ^xpora: / hocne file system. 

* lh j |:.uted , Jjrp command to do an incremental backup of the 

1 pome fil e fygtew. 

* Use iW ait command to remove the tape from the tape drive. 



Tasks and Solutions 

Complete the following ttep&: 

L Unmount the /eoepprt/herc^ file System. If your system reports that 
the /temper c./b»n£ filo system is bu*y r use the umaunt -f command. 

tf vinount /tzxporr fhcxm* 

Z Insert a tape into yxiur U pe drive 

3- Use the mt command to rewind the tape to the beginrunfc- 

4 rewind 
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Exercise: Backing UP a FJo System (Level 3) 


4- Use the jfsdmm command to create a backup tape for the 
/ exp erL/hour,e file system, where c£t#di£s* represents, II you 
cannot remember which device the/export/heme filesystem was 
mounts *n, vkw the contents of the /etc/vf szab file with the 
Ommand 

tl ufwAurp Ouf /dw/n* t /0 /d®v/rdBk/c#t&i#a# 


i::. 

i t 


Y<w see rwfpwt to: 

Oul /dev/ntc/O /d^v/rdek/cCdCtCs? 

"«fcritir-g 32 Kl^o^yr<? records 

Data of chia level C 1 ^nucpjThu 24 J^n 2002 01i06:47 PM WST 
Dare of lsst level G dtrnp; rhe epoch 

•curpinc /oev/xds lc/cOtOdlsT (sy£ 44 l: / eX£«#rt/hfin») oc /dev/rot/• - 
Mapping (P&ss X) Uvular files] 
i*fcppir_g {3 slsm TI) : directories] 

1125 blocks (563KB). 

DuTpinf (r=iss I-l) [li.riicuaries] 

•urnpinc (paiii IV) IreSUlaJT file^J 
Tape rcolliding 

1096 b.oc^s (542KE} on 1 vdIum at 1303 K£/sec 
-1 9CNZ 

Lfiv«l 0 dij.Tp On T'.^x 24 Jan 2002 01:D6:&7 FI4 K£ - * 

5l Mount the ^experrt/haaf-e file system. 

/tapmt^bms 

6. Copy the contents of the /etc/tfu ^directory t# the /e^crt/hcctie 
directory. ^ 

# cp -r /•tc/uuep /«*parc/hc*a© 


Ufsduirp 

d u±n?: 
Dt£lP: 

1 GMP: 
2WP; 
DLl-LP: 
DUMP; 
DUMP; 
LXJMF: 
ZUhLP: 
fXYl^ 
MJMF : 
PUMP: 


\ 


7. Unmount the /e^cn/hgme filesystem, 

n umaunt / axporc / hoovi 

ft. Move the tape to the next tape record, 
t* At -f /dmyr/zn c/On £c£ 1 


F^ifarmi^j FldSysfem Backups 
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E xercise : Ba cking up a Fite S ystem (Level 3) 


Use lb*? ufsdurr^ command to create an incremental backup fur the 
/dxxKjrt/hofre file system, lining a non-rewinding devicc. 

# uf*3usv> iut /dorr/rsst/On /dtev/rdak/c#t#d#s# 

V\w s/rowirf similar to: 

ufsdDunp luf /«tev/mir/On /dfV/rcs"*/c*dOtls? 

1 siting 32 Kilobit reocxds 

DJMP: Sats #f tlti* lev^l 0 dja^Jt Thu 24 Jan 2002 Cls 12; 55 FM M3? 

DUMP: Date af last l^ve L 0 dmerp; TJxi 24 J&n 2312 • 1;16:47 PM JMST 
DUMP: Puling /dev/rdsk/cOrOdIs7 (gys43.7exp*rr/hatx,®) to /dev/nrir/O. 
DlWPj M^.oping IW&s i; fregular filee] 
ujhp- NappdrTg (pass rt) 'dir^toriesl 
JSstlmaLad 321 blocks >16IKB). 
iXTttping- (pa-s£: 111) [directories] 

Durccine? (Pass IV) iregHar 4 iles] 

31? bracks (159KB) un i volm^ =3t 691 kb/_=«c 
HUMP IS DONE 

JUevel 1 djrrp c:n I'r.U 24 Jan 2*12 01; 13 ^5 FM M' 

10. Rewind nnd eject th* tape from the tape dhv*. 

t ntt oCtli 


DUMP; 
Mp:p; 
DUMP: 
EUH£>; 
SOU*: 
PUMP: 


V 


\ 


11, Set 0i«> tape asi^.£ for use wt'lh subsequent tob£ 

12. Review the ^ontiifits oi the /etc>du.Tipdates file. 

r w ^ ip y /4tc/dl]BS0Pt£^ 

linv thozving inftinisation for the Levd j dump and 
tinolMr Hue for the Lk'Vvl \^tmp } for example: 

/devyrosk/cGtOdfs? 0 ltm 24 1^20:49 2002 

/dro frUk/cQpOdOaT I Thu Jan 24 1^22:06 2002 

,| |l : 3, Mount du 1 /exp^rt/hfiriS fd i? system. 

# mount /eaport/hoowe 
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Exercise Summary 


Exercise Summary 



Biscussion - * few minutes discuss what experiences,, issues, or 

discoveries yen: had dicing the kb exercise. 


• Experiences 

• Interpretations 

• Conclusion* 

• Applications 
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Module 16 


Performing File System Restores 


Objectives 


Upon completion of this module, you should be able Ut 

• Reeiore uts file systems 

• Explain disaster recovery uind^behtals 

The foUtwng course nfap show s how- this module fits into the current 
instructional goaL 

Performing System Backups and Restores 



mm 

e i«L 

_____ 


Peirfopmlftg 


> 

mrnmvp 

File Sysle/n 

Res'feiesV 1 


fsle Sy&tam 


:WlttvaUF$ 

v\ 


■ Snapshot ; 
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Res toring au fa File Sy stem 


Restoring a uf s File System 


You restore a flu $yytem to ivbuild a damaged file system, to reinstall or 
upgrade the Solaris OR software, or to reorganize hie systems on existing 
or new disk.q_ 


Restoring a Regular File System 


When you arc restoring dnt«i to a arc tern, onsidcr the following 
question*: 

• Can the system bouton its •*vn (t>egu]ar file system restore)? 

• Do you need to boot the system fr#m CD-ROM flp-itical file sy stem 
restore}? 

• Do you need tu boot the System fi xnti CD-ROM and repair the boot 



• The device ivtmti t* which you will restore the file system 

* i .. -3V name o f the t^moorarv di mtor\ T b which vcm will restore 



To resibre a regular file system, such a a the /exp^rt/hjeaw Or /opt Tile 
system, back to the disk, you use the ufsrestoce command The 
u^s»sbore <?ommOnd copies fifes h> Hie disk, relative to the current 
working directory/ fr»m backup tapes that were crea Why the uf^dvwp 
command. 

You can use tlve uf 2 rest^r#c»mmand to reload 5m entire file system 
hierarchy from a Level C backup and related incremental backups. You 
can also restore one or more single files from any backup tape. 

The format for the cornin/md is; 


uryii'PFicore qpL±c*a cLtgu^&r,!: r'srii^ystan 
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Restoring a ufi File System 


Table 16-1 describes some options that you can use with the utsresCore 
command 


Table 16-1 Options for the ufsrestore Command 


Option 

--—n 

Description 

t 

Lisrta the table of contents of the backup media 

X - 

Restorer the entire file system from tin- backup 
media. 

x file! £11 m3 

Key teres only the files named on the command line, 

i 

Invokes an interactive restore. 

v 

Specifics verbose mode. This mode displays the 
path names iothe terminal wzwn as each file is 
restored. 

t device 

Spin ifies the tape device name. 


WTien you rosti^ an entile file system imm a backup tape, the System 

creates a reetfc||yir,ta:bl* Hie 'Die nfs restore command uses the 
restorirayxn^afllfi Pit* for check-pointing or pacing information between 
incremental restores, w c^.,mn*ve the res ter »syi at able file wh n fhe 
restore is complete. 

'ISlirigthe uHsrontoi'M Command to Restore the /opt File 
^ System 

;■ The follow mg procedure dem strates how to use the uf&rosfc^ra 
comtrvmd torestore the /apt file syvtem on the cCtidOsS slice. 

1. Create tfw new fiJe system structu/e. 

4 /dev/rd£&/cOtOdJ0 aS 

2- Mount the tile system to the /opt directory' and change to that 
diitctory 

X- TartMTi t /d€T>/dslc/c0t0d0ft5 /opt 
f ed / opt 

3. R st re the /opt;lie system from the backup tape 
4 ufsrestQr^ rf /dav/rmt/O 


Performing Fte R03l0f*$ 

S*>Serm^f&»MaAJ2 
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Re storing a u f s File S y stem 


Note - Always restore n file system by starting wilh the Level (i backup 
trtpe, continuing with the next-lower-ievcl Lnpe r and continuing through 
the higher-level tape. 

4. Remove the file. 

4 na restorosymtablo 



5, Unmount the new Me system, 

4 od / 

H u*tru»t /°Pt 


6. Use the fsck command t# check the restored file system. 

4 feck /dav/rd*k/c0t0d0«5 

?. Perform a full backup of the file systec? 

4 ufs&xjop Out /dov/nat/0 /dev7xx3sk/cOtOdOs5 



Note - Always back-up the newly creaWdltfc system because the 
<xjmn\and n positions the fil^wid changes th e inode 

alloc a ti«n. 



Restoring the /usr File System 


^upr itn| jj w 

Tb-^store ihe /usir file system, toot from the Solaris $ Software 1 oi' 2 
CD-ROM, and then use the vfsrestore command t# restore files back to 
the /usr partition. 


Note - If the / (loot), /1 j ar, or Jy&± file systems .ire unusable because of 
some type Oi corruption or danvigt’-. the system will not boot 
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Restoring a ul* System 


Usinglhe ufsrestore Command to Restore ttie /usr File 
System 

The following pnxeduredemons rates how to restore the / us r file system 
on SJce 6 of the boot disk. 

1. Insert the Sokrie 9 Software X of 2 CD-ROM, and boot from the C®- 


R#M with the *ingle-u&er mode #pti#iv 


ck boot cdror> -d 


2 . Create the new file system structure. 


Jr nO/fs /d^v/rxisk/cOtOdOaS 


3. Mo^mt die file system to the mount poini^^ and change to that 
directory 


laovinE /dev/dsk/cOtOdO^ /a 
i od /a 

4 Restore the /usr file system from the backup tape 

# ufs-r^estor* rf /dtev/mt/O 


(Note - Remember to restore a hJe system by starting with the Level 0 


tt rm restoreepntabl© 



backup taper continuing With the next-lower-levd tap?, and continuing 
through the highcsi-Ievel tape. 


'6. Unmount th*: new file gystetn. 


if amount /a 


f od / 



7. Cse the Isck eo/Tunand to check the restored file system. 
£ fdek /dev/nlffR/cOtOdOi^ 

& Perform a full backup of the file system. 

# uf farhiTE) (hif /dfiv/nt/O / 4 av/c*lA)i/c 0 tDd 0 x 6 

9, Reboot the system. 

# inik 6 


Per forming Pi fe System Restores 

AJi«k#itene«er/9d- 















Re storing a ^File System 


Performing a Special Case Recovery of the / (root) File 
System 

Yow perform a special reccn^ry to recover the / (root) file sj'stwn if 

there is damage ta the boot block. 

li) restore the / (root) file system^ boot fram the Solaris 9 Software t af 2 
CD-ROM nrvd use tin? ntsze&to&e command. 


Fhe fallowing procedure demunslm teshaw to restore the / (root) hie 
system ah Slice # of tlx> boot disk. 

1. Insert the Solaris 9 Software 1 of 2 CB-&OM, <uul boot the C^ROM 
with the single-user mode option. 

ok boot odrej* -s 

... | . :-:i Z , 

2. Create Ihe new file system structiUE- 

# n *wf i /djaV/zd^k/cOtOdOsO 

3 Mount die file svslcm to She mount ja&nt /a and change lo lhat 


Mount die file s\*slcm to She mount 
directory, 

4 mount /da Zdsk/cOtOdOaO /a 
* Cd /a. 

4. Restore the / (root) file system faun the backup *pe 
fi ufsr^stor® wE /dav/jmt/0 



; 


Note - Always restore a file system bv staiting with the Level 0 backup 
kipe,-$nd continuing with the next-lowcr-leve) tape.- and cantihuing 
through ihe highest-level tape. 


5. Remove the 'restoresynfesjsle tile-- 

a xn 

6. Insbilf the lAaatblkin Seciars 1 through 15 of the baot disk. Id do 
this, change to the directary that contains the baa tbik, and enter the 
ir^ta I ibccC cotnmemd. 


I cd /usr/plst&srm/'tmaiK -n'/Jib/Cs/ufa 

3T jjis tallbcot bootthUc /dav/xdsk/cOtOdOaO 

7. Umn< Hint the new tile system. 

# cd / 

4 ufflount /a 


iAc 

wv 
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Restoring a uf a FUe Sysiem 


8. Use the fac’x command to check ihe stored fil c system, 
s fscfc /devVnA&k/cOtOdOfO 

9. Perform a full backup of the file system. 

# uf Quf /dsv/ont/O Ztev/rdak/cOtOdOaO 

10. RebxK>t the system. 

# init € 


Invoking an Interactive Restore 

The ufsrea tcr$ i command invokes an interactive interface. Through 
the interface, you can btXM'Se the directory hierarchy of the back up tape 
and select individual files to extr act. 

Using the ufsrestore i Command 

The following pfl>cedurc demonstrates how fo use the ufsros^xsre i 
command to extract indivi dual files from a backup tape. 

t Bk^come the roc^Jer and change^the temporary directory tlvil 
yuu want to receive the extra^baft files. 

# cd /var/tH^p 

^ Pc rfnrm the uHsrestor^ .i ccffrunaird^ 
tt u£b nat^rap ivf /dev/mit/O 

Verify vq1m§ arid iniri&llisu map* % ' 

Modi-a t:i 1 nck : "ll 2 C is £4 

IXxr^i 4ate: : ||ri J-an 2 ^^&i33!53 20C2 

Cun^ed frenu "Ae- «#c>t 

Level 0 afci^p ctf>- /export/home OT sys43:/Ae^/dsK/cCtOals^ 

Label; rjjim 

E5cf_raot direcccries £mr tape 
Initialize synrf>ol 

3^ Display die content? of the dirertuiy structure on the backup (ape. 

ufsresLore > is 

2 *,/ 13 dirnttoryl 15 directory3 11 lile2 

2 *.,/ :*■ directory^ ID filtl 12 iilei 
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Restoring a ufs File System 


4. Change t» the target directory on the backup tape. 

^tcresc.ore > cd directory! 
lifyrestere > le 
. /directory!: 

3964 -/ 2 *« «/ 3905 file! 350£ ttl&2 35C7 zile3 


5 . Add the files you wnnt to restore to the ext ruction list. 

ufsrestcre > add filal fil «2 
Make n£2d= ,/dir^etoryi 


Files you want to reside are markt:*d with an asterisk {*) for 
extraction. If you extract a directory, all of Ihe directory contents ^rtr: 
marked for extraction- 


ufflre«h,®re > la 
./ciirectcxyl: 
3904 *J 


6 . 


in this example, two files arc marked Jor extraction The Is 
command displays an asterisk m front of the file mines, 

filcl and f ilci. 

2 *. ./ ^3905 *111*3 3907 filed 

To ddote a file from the extraction fi^ggjae the delate command. 



u£*re*t;ore > delete filel 

Th* Is command displays 'the file wilhoul an asterisk. 

UtSTG£tj«re > Ls 
, /dir*C zzzyli '■’Z. $1 

3 S «4 «./ 2 * . . / 390*3 f||al 3506 +£ile 2 3907 fileS 

% To view tlie files and directories marked for extraction, use Ihe 

carted command. 


.fsr^tcre > marked 

. /nirsc toryl ■ . : li 

3904 ■*„ / & *.,/ 39C6 *file2 

8. To rt^tope the selected files from the backup (ape, fxrfomx the 
command: 


ufsrestere > extract 
I&ccxact ro^ue^Led tiles; 

You zav^ not read any* volumes t. 

Unless you knov? ushicri vol\n*z wzr filets) are on yma should start 
with asr voi-m- and r ^xrk towards th- £irsi_. 

Spfcci ty next volume 1 
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Restoring aCi Fite System 



Note - Tlio uf^restore command has to find the selected filc&. If you 
used more than one tape ter the backup, first insert the tape with the 
highest vOiume number and type the appropriate number at this point. 
Then repent working towards \x>lume £1 until aJi files have been 

restored. 


extract file ./directory l/fiie2 
Add links 

Set directory zrcz-de, ar*d rimes, 

set •r/.-n^r/jntoe for 1 .'? lyrd n 


Note - Answaing y sets ownership and pernns«ion^of the temporary 
directory to those of the directory stmctuie cwi the tape- 

9. To i‘•hit the interactive restore after the?$^ are extracted, perform the 
command: 

Utsr^sticrA? ouit 

10. Move tlie restored files to their oritpna] or permanent directory 
location, and delete ih£ filjss I roiti ftt6^enipomty directory. 

# thv” /var/ti^>/directoryl/file2 /^^rt/booe 
i m -r /vnr/tap/dircctoiyl 




_ : a> __ 

Note - You can use lh$ iie * |>comm.ind in an interactive restore t#- display 
a list ol available commands. 

____-_____ ___ 


Performing an Incremental Restore 

Wh*>n perf ntiing incremental reviews. sfcut with the last volume and 
work towards the first, 'the system uses- information in the 
r^stpreayiv.Labl^ file to restore incremental backups on top of the latest 
full backup. 



Note - If you perform an ina^einentvil restore of dota from backup tape* 
that were written from <in active file system, the u£«r?*et.®re canunand 
might become disrupted 


ieSysfero 
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Restor in g a uts Frfe System 


The following procedure demoirslraiteb how lo restore the /export/home 
file system from incremental tapes. 



Note — This procedure makes use of the mteractlA'S recto re to assist in 

showing the cx>nceplo( incremental restores. You would typically use a 
command, *<uch as u£*;r ester e r£, for restoring enlire file systems. 


I. View the contents of the /etc/d ai y ds tes file for information abeut 
the /export/hem file system, 

¥ jflore /etc/duirpdatoB |«rrep c0t0d0s7 

/dev/rdsk/cL'tSdls? • i-i*n CTan 2B 13; L0;12 2002 

/dev/rdsk/cCtOdOs" 1 Men J&n 2$ 13:12:41 2002 

X Create the new file system structure for tire /a*parx heaoe Hie 

system, 

it ntiwfa /dev/rd£k/c0t0d0s7 

3. Mount the file system and change to that tiirectoiy 

* nftnih /dev/d&k/cOt:9d0*7 / export /heme 

* cd /ea^xirt/h*™ 

•1- Insert ihe Le^el C buykup^ape, 

5. Restore the /exJ&K/hGVEeille system from Ihe backup tapes* 

* u£«r^stort rvf /d®v/mt/0 

Vei i£y volume and initialmaps 
Media jtlcck *rize is 64 

date; Wed Apr 03 09:$$;34 2002 

Ousted fron: the s?#ch 

l^evel 0 ctuzp of /exixydg^xeie cn sys^l i /3e^/dak/c0t0tl0a7 
LAbcl: non*# 

Begin lev^l 0 restore 
"iJ^bialize sy^kol 
detract directories fror taF- 
Calculate extractier. iist- 
14ak« node ,/directory! 

Make , /direc Lory2 

Make nccie . /directciy] 

Extract cj&oi leaves. 

Check po’mcinf t.ne restore 
extract file ./filel 
extract file ./file2 
extract file ./filol 
Add links 

Set directory mode, c*ner, arxl tines. 

Check the synitol taele. 
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Restoring a uf s Pile System 


6. Load the next lower-level hip* into the tap* drive, 
f ufsrtstora *nr£ AisV/Xxnfc/O 

Verify YCl\jne and initialise -tyipb 
M edia. block size is £4 
Ditfrp date: Wed npr 03 19:57:30 2C02 
Dunked frar.t fed £pr 03 0^55:34 2tt2 

Le^el 1 chirp of /5scport/bane on s>^s41; /dev/dskhcO^:)d0s7 
Label : none 


Begin incremental restore 
initxali^tt syrobel table, 
ktract directories trcm 
Sark kitties to fee- rarav^d. 

Calculate .nod« urates * 

M&fe node . /directory4 

Make nsAe . /directoryS 

Vteke node t /d±r^tory6 

li^A ur-_r^ i erenoed osoea. 

flensve old rxsdfts \dircccsriesh | 

JUxtra ct umr eaves*. 

Chenk pointing due feaatorJlfc. 
etcrract file ,*'fiie4 
extract file ./ files 
extract iile , hiile6 
Add in.<s 

Get directory -ncde, 0wT4^||j and litres. 
Check the syathcl table. 4P 
Check pomtirKj zsjo restore 
# 



W 




Alternativ^teps 



The following sLeps are an alternative to the previous Steps 5 and 6. 

5. Restore the /export/btne file system from the backup tapes, (This 
cxntnple uses an interactive, verbose restore to provide more detailed 
information.) 

* iif are store iv /d®v/xwt/0 

Verify volu/ne anA initialize Titaps 

Media bl^ck size. 1 is 6*1 

Dunr) date: Me- Jari IB 12:10:13 2002 

TXj^ed Lcqkz the epoch 

Level 0 &3JP of /export frjmsm on S>^4i:/dev/d3k/c0t0d0s7 
Lafcel: none 


Pertxeniny Fie System R&g&ms 
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Re storing a j t h Re System 


Extract directories Crcrr cap® 
Initialize oytiol taiole. 
ufsr esters > Is 


2 -_/ 

2 *. . / 

7 clirect.ervl 


8 dimecTXjry2 

9 oi reel: o^./3 
4 filel 


5 fiJe2 

6 file3 

3 Icsitfound/ 


Tht? HVHtem list* hies from the Ust Levd 0 K*K^up 

u^creszcxe > Add * 

Vi’aming: . /lo^t+f oi_md: File exists 

ufare^tere > extract 

Extract l-txiuesred files 

YCU have nCC reas any vo1\*y>?s yet, 

Unless y to kr-a«? -^tiicfi vclure your filets) are on ebcn-24 start 
with trie last vclunt and v^r>. t^wris the first. 

next Vol^ne it: 1 
Cxtracc file ,/filcl 
extract. file ./file? 
extract file „ /tile3 
extract file ,/direcrotyl 
extract file ./directory;; 
extract file ,/di rectajyl 
Add lir.kr- 

Set directory "oce. Q*?**r, ^7>d 

J5et cv.ii-r/mode f Cx ’ . ’ ? fyn) n fl. 

Directories; n, ready ^xisitr set moots an^ay? 
ufsrcstcre > Q 

4 





V- 

\* 


6. Thr information in the /etc/dlfJTd^tes file shows an inoementaJ 
backup itmt was taken after the Lcwl 0 backup. Load the next tape 
<md perform the incremental restore. 

tf ufereBtcxrt iv 

Verify velufre and initialize iraps 
Media biacK fi-z= is 64 
Duro dat^: Men Jan 10 13:12:41 2002 

Duitq^: Zlrcsil! Man Jan 29 13:10:12 20C2 

Level 1 dutrj) ot /export./h^-meon sys4lT /d£v/dsK/cCtQ*iii7 
Labe?; -.one 

Extract dixect^ries fxorc. t-.a*e 
lniti.ali7:e ey^bei tcabie. 
ui«res:crc > la 

2 *-/ 13 b‘re^tsxy4 25 airectory* .1 ~ile5 

2 *■../ 14 airectoxyE 1C £ile4 12 files 
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Restoring a u f» File System 


ufsrestore > add ♦ 

Ufnrestore > extzaCt 

Sxtxact requested fiies 

Yeu have not r&ad any vclznnes yet. 

Unless y*u fcnT?ir ^tiich ycux £LIe<sa) are on you scould st-ars 

wit_*t the lasr volume ard work towards the first:, 

Ppecizy next val^e H; 1 
extract file ,/file4 
extract fi_e fileS 
extract ./fil©6 

extract file ,/directory^ 
extract: file , /directtry5 
e*:crc..ct file . /directo/v6 
A*0 limits 

Set £ir«Cbory xrxie, owr*^, an 
set c^Tier/roo 4 e for \ r ? [ynl 


utsr^-scare > g 
4 




s 
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Perf ormin g the E x ercises 


Performing the Exercises 


You have iheopiion to complete any *nc of tlireo versions of a lab. To 

decide which to choose, consult the following description? of the 1-evelts: 

• Level 1 This version uf the lab provides the least ainuml #f 
guidance. Each bulleted paragraph provides a task description, but 
you must determine v#ur #wn way •i accomplishing each task 

• Lev-el 2 - This version *1 the lab provides more guidance. Although 
each step describes whot you should do, vou must determine the 
commands (and options) t* input 

• ]^evel 3 - Ihis vei'sion of the lab is the easiest In accomplish because 
each step provides exactly ivhatyxiu should input to the sj^tern. This 
level also Includes the task solutions for all thre| levels* 
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Exercise: Recovering Backup Files and File Systems {Level i) 


Exercise: Recovering Backup Files and File Systems 
(Level 1) 


In this cxera'#*/ you read the backup tape from the previous exercise, You 
back up the / (root) file system/ restore a single file from tape, and destroy 
and restore the / (root) file system 


Preparation 


Tins exercise requires a system tl\at is configured with a tape drive and a 
/ (root) Fie system that is separate fr#m the . usr and /var file system?. 
Identify the Hlice that holds the / (root) file system. From your instructor, 
get a tape appropriate for ytnir system. 


Tasks 

Complete the foHaving: 




• Read the contend *f both files on the backup tape written 

in the previous cerise. 

(Steps L-3 in Task 1 of the Lewi 

* Reboot the system to njK level S, Use the ufsdunp command to 
create a backup tnpe of the% (root) file system on your system. Verify 

^ , Xbal the tape contains valid <fata for this file system. Allow the 
system* W» continue to boot to run level 3. 


fSleps 1-5 in Task 2 of the Level 2 lab) 


• Use the uffire&tore i command t» restore the /etc/inot/hoats 
file frOff) LTfVb drid place it below the /var/lrnip directory. 


(Steps 1-6 in Task3 of the Level 2 lab) 


• Remove the /kernel, /plfitf vm, and /devices di rvcfcrnra 
recursively. Abort the operating system, and attempt to boot the 
system from disk. Record wl tat happen. Boot the svslem fiom the 
Solaris Software 1 of 2 CO-R#M to run level $. Create a new file 
system on the / (r#«t) slice. Use the ufsr^tore command to ri .■'load 
the / (mot) file system, Install a new bait block. Reboot the syntem, 
and ej'ecl the CD-ROM, 

(Sfcps 1—11 in Task 4 of the let el 2 lab) 


Perfa/mlrKy File System Restore? 


te-is 









Exe rcise; Rec ov^r m-g Back up Fites a mJ File .S yst ems ( Le vel 2) 

Exercise: Recovering Backup Files and FileSystems 
(Level 2) 


li thiy «*ereise, you read the backup tape from the previous exercise. You 
back up the / (/out) file system, restore a single I lie fr»ni tape/ and destroy 
and restorv the / (root) file system. 


Preparation 


This exercise requires a system that is configured with a tape drive and a 
/ (rooL) hie system that is separate from the /use nnd^/var file sterns. 
Identify the sIj«? that holds the / (zoo!) ftk system. From the iiL^ructo^ 
get a tape appropriate for yuur system, i . | 


Task Summary 

In this exercise, you 

• Read the conleiite m both on backup tape written 

in the previous exercise, 

• Reboot the system fco run level s Lse thexit sdura command to 
create a backup tape of the / (root) file system on your system. Verify 
thiat tilt-tape iron tL-djisv.il id data for this I lie system. Allow the 
system t o continue te> boot to run level 3. 


accomplish ips following; 


J\ 


• Lsv thjg ufsre9tcre i cc^pmand to restore the /etc/iu-et/fcosts 
file ff%mr lag!, and place it below the /var/t^p directory. 

# Remove the /plattorrv /uid /devices directories 

n>£Tam|^y. Abort the operating system, and attempt to boot the 
sjistemTrcifcn disk. Rccoixi what happens. Boot the syytem from die 
Solaris 9 #E Software 1 of 2 CD-ROM to run level S Create a new 
Hie system on the / (root) slice. Use the uf sr^srore command to 
reload the / (root) fxk system. Instill a new boot block. Reboot ihe 
systenv and eject the CD-ROM 
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Exercise: Recovering Backup Files and File Systems (Level 2 ) 


Tasks 


Complete the following tasks. 


Task 1 - Read Your Previous Backup Tape 

Complete the fallowing steps: 

1. 


Locale the backup tape written in he previous eicnise, and load it 
into }^)\ir tape driw. 

2. Use the interactive restore command tu view the content of he first 
Level 0 backup tape- Verify that Die -liesare from Ihe /exporr/hot^ 
directory that backed itp^ Enters to quit the interactive restore. 

3. Using a non-rewind deM4e, movefile tape to the next regard, and 

view the contents of the so#ond> incremental backup. Verify that the 
hies >X)U soc aje fawn the incremental backup. (ILie uucp directory is 
the one you after the Level 0 backup.) 

Task 2 - Create a Backdp of the / ) File System 

Complete he following sbep£ 

1. Log in as the rocc user! and open a len^lna] window. Shut down the 
System to run level I. Then, boot th$ system to run level. 5;. Supply 
t|je rc-lfcpfty&wordas required to enter run level S. 

2. Verity that a tape is in vour tape drive. 

3. Us* tlw uf sdtirap cnmwWTvtf to enste a backup tape for the (root) 


4. Hsifv that the / (r«ot) file system is on the tape. 

-|y : :T 

5. the system to continue b boot run level 3. 


Task3- Restore the ,-e^c/in*t/h»sts File From a Tape 

Com tele the following steps: 

1- Log ina9 the r--t user/ and open a terminal window. Change to the 
/var/ zteg directory. 

2. Enter the uf£r*st»r« i comjnand to retrieve the /*Lc/ir.et;/hasts 
file from the tape. 

3. Change to the /etc/iuet directory on the tape and list the fiks in 
the directory 
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4- Add the bosts file to the list of files to extract, and display the list 

5, Exlraet the hoaie file from tape. Specify volume number 1. Do not 
sul the owner and mode for ., <md then qui't the ufsrestore 
command. 

6- Aerify that the etc/in=L/r*oeta file exists below the /vaxVnrp 
directory: 


Task 4 - Destroy and Restore the / (root) File System 


Complete the following steps: 

1 . Change to the / (root) directory, and remove this, fallowing critical 


2 . 


4. 


m 


sysicm directories a.nd their contents: /kernel;; jfol^tfonrv and 

/dsvicss- 

r , 

Press the Stop-A key sequence to *boet the operating system. 

Attempt to boot Uh> systen from the boot disk. 

What happens? 

Insert the Solaris 9 Software 1 of 2 QMiOM, Boot thi^stem from 
the C#-.R#\I to run level? S. 

L T se the r^to wmmand to create anew filesystem on the / (ro*t) 
slice. (Thefclkv *houlcl match the oneyou used earlier in the exercise 
when you crusted a backup $f the (root) file system.) Run the tsok 
arnmandapfl iho file system lhal you create. 


5. Verify mJ||$biir ro*c backup hipe is in the tape drive. Mount ifie 
new file system aa the /a file system. Change to the /a. director)'. 

h U*e the uf ^r^tore cmnmand to load the / (r#ot> data into the new 

file system. 

•move Itgrestorea ymtabi e jfile. 

Tnstafl a new boot block in Sectors 1 through 15 of the / (root) sice, 
by changing to the directory containing the Iwot block and enteiing 
the instv toor cxnnmand. 

n cd /ttCr/platforrt/uname -to /lib/fs/ufs 
4 infitallboot bootblk /dev/rdik/cOtOdOaO 



9. Change to the / (root) directory, and unmount the new- file system. 

10. Reboot the system- 

11. Log in ers the roc:, user, and open a tcnrfiml window Ej*t t the 
Solaris 9 Software 1 of 2 G>*ROM 
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Exercise: Recovering Backup Files and File Systems {Level 3) 


Exercise: Recovering Backup Files and File Systems 
(Level 3) 


In this exercise, y«u read the backup tape f r#nr the previous exercise. You 
back up the , (root) file system, restore a single file fr#ni tape, and destroy 
and restore the / (root) file system. 


Preparation 

This exercise requires a system that is configured with a {ape drive and a 
/ (r#ot) file system that is separate from the /usr and /vsr file systems. 
Identify the slice that holds the / (root) file system. From the instructor get 
a tape appropriate for your sys tom- 


Task Summary 

% 1 % , ; 

In this e>£erri 64 |you accomplish the following: 

a Read the ientffiaL h o tli• ~diimp hi es tn th$,backup tape written 

in the previous 

• Reboot the system to furl levlTs. LJ^e tire -.ifsdu^fp cxrmmwui to 
create a backup tape of tire / (root) file system on your sysUm. Verify 
that the tape contains valid data'Tor this file system Allow? the 
system to continue to boot to rdn level 3. 

• Use the ufsires-oire i command to restore the /etc/inet/hast s 
file from tape, and place it bel#w the /-mrf znyp- directory'. 



« Remove the /platform, a»rd /device* directories 

recursively. Abort the openU irg system, and attempt ft btttt the 
system franr disk. Record what happens. loot ilve system frotn th* 
Solaris 9 Software 1 of 2 CD-ROM to run level S. Create a new file 
system on the / (root) slice. Use the ufsrestcre command to reload 
the / (r<krt) file system. Install a new boot Hock. ReL^oot the system, 
and eject the C#-ROM. 


p£rf*rminf Fife- System R&stti^s 

Copy.iSfvi2*ro SunMicrwystvrrv;, Inc. AIIRipite Reserved. Sun Services. RfvWenA.2 


It-lt 




Exercise : Recoverin g Bac kup Files and File S yst ems ( L&vei lj) 


Tasks and Solutions 

Complete the following tasks* 

Task 1 - Read Ycur Previous Backup Tape 

Compile the folkxvi cig step#; 

1. Locate the backup tape written iji the previous exercise, and loud it 
into your ape drive. 

2. Use the interactive restore command to view the contents of the Jrirsl 
Level • backup tape. Verify that the files art* frbtm tl\0 /exrorb/tioriY? 
directory that yon barked up. Enter q fc> quit theinleractive rrskse. 


# ufsz^itdtre iv 

Verify vclun*? and ini.t.taliz^ xraps 
We«LLa block si^» is 64 

CBjuh: dace!: pri <J*ji 25 C 8 : 38?53 

Durrpeii Zitm.: tllCf epaoT. 

Level 0 dunp of /expurr/tiaras or sys43i / 

Label: 

^ccratzt direetcries Crcn cape 
Initially »yrrbol tabl£, 
ufsrescore > la 


-:.,pr 

: 





dak/c0tQdQtf7 



llti files frtoti yvur /t^xporr/hotne directortj. 


6 fi e3 
3 loeti-faund/ 


1&2D 


mw*fta*e$y$ Ioti lor the So4arfe 9 OOQtAfr*) ErMroamw* 

C0^1|1li(7^8onMcr(jsy9l»ins. Inc. M Rlphu RtfviSifn *,2 
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3, Using rt nam-rewind device, move the tape to the ne*t record, and 
viow the contents o i the second, incremental Lockup. Verify that the 
you see an* from the incremental backup, (The uucp directory is 
the one you added after the Level 0 backup.) Quit the interactive 
restore- 


# mt -£ /AtCv/rmt/On ftf 1 

# uf&reafcore ivf /d«v/xmt/0 

Verify volume and initialize ivopa 
Xcdia. clock size is 64 
CXarrs date: Fri &n 25 0-:4:.:12 2C-C2 
^irqaed fron: Pri Jan 2'b 0 8 c 3 8 1 5 3 2#'J2 

Levei 1 &ih\|I of /esq^orL/hcoie cn sys43r/ctev/dsk,dlt*dQc7 
l^eli n#ne 

licrract dir«cccrries frca> tape 
initiHiise table. 




> q 

# 


Task 2-Create a Ba^o# of the / (root) File System 


Comolele the following steps: 



f init 0 

fshutdown 
ole boot -fl 


1 1 Verify Iw’t ft tape is In your tape drive. 

3. Use the at stfiimp comma/xl to create a backup tape for the / (tixrt) 

hie system. 

# ufedunp Ouf /dev/rwt/o /davVrdsk/cOtOdOflO 

4. Verify that the / (root) file sfyatem k on the tape. 

a ufarafltew cvf /dav/rnt/O 


J Sirrccit $croi'2 drrvctojy sfrwcrw/vs ttfjthr / ./bi/outfri 

ty/Z/cs. 

5- Allow the system ta continue to boot to r un level 3. 


I c cyw-t tVI -n> 


fVWvftQ Fla System R*$to<us 

Cop>itg htZCCl&Jn McratySIMtt. h*. AJI Rants S navisltn A _2 


i e-21 










Exenci &e: Rec o cting B acku p File s and File Sy sten g (Lev el 3) 


Task3- Restore the /etc/inet/b*sts Fife From a Tape 


C’.omplelc the following steps; 


1. 


it ed /var/tiqp 


Log in n$ the root user, and open a terminal window. Chjmge ho the 

/var/t,*np directory. 


2. Enter the -jf ^restore- i command lo retrieve the s=tc/ inet/L-osts 

file from the tape. 

* ufer^atosTi If /dev/xwt/0 

ufsreszoi.'® > Is 


You should sl’l >fil& und diredone*for Lite / (rooOfik sy'sterrt. 


3. Change ho the /etc/ d Lrec lory on 
the dtivclary. 

ufirestore > cd /©tc/inet 
utsreBhcre > Is 



tape, and list Ihe files in 



Y<vt should seefiits and for the /e£c/itt«t file system 


4. Add ihe hos cs fib to the list of Hies i^KTACt, andjfapliiy Ihe lisl. 

uicr^E-s^re > add hosts 
ufsrescore > rtarfcsd 

Yew s/jortkl eee ihe hes z s f*k listed. 

5. Ihdiaprt the hasts file from|©pe, Specify volume number 1. Wm not 
set the‘owner ami mode for rind then quit the uts restore 
cc?mmnn<£ 

ufsresz«re > ©attract 

£xC^cz re^u«8ted fil&s 

You have- nc|64redd ar-.y vel urt^ yet , 

t/nleae ysu kj-ov.^hlch vclur^e your fileis) are on you shsuld start 
with the la&t mib and writ towards the first. 

Speci£y nexi volume *: 1 
set otoTj^r/roods f«r •. * ? lyn] n 
uforestore > q 


6. Verify that the etc/inet/hssto file exists below Ihe /var/t-.ri^ 
directum 

t Is 6tc/isac/hO£tB 

€CC/inet/hOQtK 
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Exercise: Recovering Backup Files and File Systems (Level 3) 


Task 4- Destroy and Restore the / (root) File System 


Cample the fallowj#^ 

1 Change to the / (root) directory, and remove the following critical 
system directories and tl'ioir contents: /kernel/ /jilaLfemv und 
/ devices. 


# od / 

^ rm -it /h*mnl /placf< 7 ZB /devices 

2. Press the Stop-A key sequence to abort the operal'ing system. 
Attempt to boot the system from the troot disk. 


ok boot 


Whal happens? 

Tbf system fails fa bvot and delays the ntry£4£t~ 

3oct load failed, 

rhe £iL« iut?' leaded dees nor *i-^r to executable 


V 


Insert the Solaris 9 Soj 
the CD-POM to run l£ 


Doot tho system from 


ok boot 


•dram -b 

4. 


Kuji the c#u\n\arxi lo create a new file system oa the / (not) 

slia? iThe shoe should match the one you used earlier in the exercise 
when you created a backup of the / (ipolj file system.) Enter the 
isck cemmond on the Me system that you create. 


# JMztrtB /dev/rdBk/cOtOdOaO 
Tt fsck /Oav/rdak/cOtOdOaO 


5 . Verify lhal your roor backup tape Is in the Uipe drive. Mount the 
nei\- file system as the /a file system- Change lo the /a directory. 
# jBount /dm#/dBk/cOtOdOeO /a 
!T cd /a 


6, Uso Iho uf«res t#recoinm<ind t* load the / (root) data into th* new 
file system. 

% u£sr«&tora rf /dcv/nat/O 

7. Itemove tlie r^asti ^e^rynFvable file. 

4 m reBtoat^urymtatble 

8- Install a now boot block in Sectors 1 through 15 of the / (ro*t) slice, 
by changing to the directory containing the boot block and Mitering 
the inacal'-h^ot command, 

4 od /liBt/plAttea/' unaat -n'/lib/f&/ufi 

t tocrfcKlk /d#v/rdnk/t? 0 t 0 d 0*0 
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E xercise: R ecoverin g Backup F iles and Fil e Systems (Level 3 )_____ 

9. Ch*w$£ tv the / (root) directory; and unmount the new file srvslcm. 

■ cd / 

# ujao^irvfc /« 

10. Reboot the tf/sbcm- 

¥ init 6 

11. Log in as the tooz user and open ter/ninat window. Eject the 
Solaris 9 Software 1 of 2 CD-ROM. 


* ej*A cAx*n 
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txerv&e Summary 


Exercise Summary 

Discussion -Take a few minutes to clisniT* whnl experietfe*, issues/ or 
discoveries you had during the lab exercises. 

• Experiences 

• Interpretations 

• Conclusions 

• Applications 
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I nlrotiucir ig Dis aster Rec overy Fun damen tals _ _ _ _ 

Introducing Disaster Recovery Fundamentals 

This section introduces some basic concepts t ind criteria for the planning 
and anticipation ot a disaster Understanding whnt 4fsa*ter recovery is 
sluaild be the first step you take toward defining and implementing a 
disaster recovery plan. 

Identifying, the fundamentals of a disaster recen tly plan start with 
defining what a disaster is In most cases, it can be defined as follows: any 
unplanned, extended loss of criti cal business applications due to a lack of 
computer processiu capabilities. In th& definition, extends \ is defined by 
the individual business at hand. Same businesses mig I it suffer severe 
I owes in one hour while other businesses might not suffer severe losses 

m 1R 

Disaster Scenarios That Can Result in a Loss of Data 


•is.isM's, both natMral^fid (MMiWite, happen **very day. l ; or example, 
flooding in Chicago ought disnfpt opcralidhs in #)# data ccnleisin 
Chicago or oil over the United States, or a hnnjicane could disable il\e 
reservation system of^yrngior airline. A major storm could interrupt 
power to a geographic nma for an attended perkicV»f time. Afire coukl 
destroy business critical inffastiuchlitt 

IvLaiiy .bcenarits could involve the tosa of major components of* 
busin(?«»s*critical system ftr sysfems. You have many rcosons to consider 
having a well-thought-out disaster recovers plan in place. Hie mo&1 
important r&rttxa might be the She* you cannot think of. 



Disaster Recovery Plan 

(Vo single document can present a comprehensive analysis of how to 
prepare a disaster recovery plan. However, this section describes some oi 
Ihekey slep$ to create a plan 
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introducing Disaster Recovery Fundamentals 


Solicit D partment Input 

Gnthtr input from the departments within your •ompany tndividwilsin 
these department!* know the type mf data they create and the importance 
of the data. If you work at a large company, v«u might organize a 
planning team eo thrtt the te amcan inform management cm the status of 
the disaster recover program. Department might he tasked to complete 
periodic tests to verify implementation of the disaster rec#vcrv program. 
The departments c.nn present any findhnpeof gaps nr risks they eiicountcr. 

Acquire Management Approval 

Involve managemeni early in the decisi«n-making process. This is an 
important step it you are to •bfca'in the necessary resources and time 
required from each area of your organization. 

You, or vour planning te^m, should complete a study of the disaster 
rerovny plan and include an estimate of the cost of a disaster, as well 
an estimate of the jwaible’coste and time to implemen t a disaster 
recovery btrategy When manageznentundcr^flndsthe financial, physical, 
and business associated with a disaster, the^Janning team is able to 
build n strategy and enstue tha*|he strategy is implemented aon;** the 
organization. 

Develop a Budget 

if^gt-justifyinfl fi disinter recoveiy.program is relatively simple. No 
LTrfhpcHtive organization can afford t» be with#ut a comprehensi ve 
prpgrancL In developing a budget for y*ur program, you should consider 
the following: 

• Your current cost of downtime 

Look at both the total cost per minute as well as the cost per event, 
and include the intemgtble or soft-dailcr •oste, such as loss of 
productivity and diminished cvstumei canfidc/xr» 

• Hie cost of re<3>eating data 

Consider the time lo*t ^creating files/ the expense of retrieving data 
from crashed hard disks, the cost of unavailable data when you need 
it, and the additional costs involved in re-creating lost data when 
there is no backup copy avaiJable. 

• The cost of expert assistance 

Compared to the costs of downtime,the cost* of hiring expert* to 
assist with the disaster recovery program are xnininu). 
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Evaluating the Critical Factors for the Plan 


Creating the actual disaster recovery plan vaiies tram one company to 
another. Every company must first evaluate the following critical factors 
for a di^as^r recovery plan: 

• Wliat is the greatest nVk? 

Is your company mosl susceptible natural events Much as 
cdrthqualcs, fires, or floods, mechanical fail ures, such as hardware 
and software problems; human error; or intrusions, *uch ashvKker 
attacks and viruses? 


• How arc various groups or departments, within your campon y 
afifected by downtime? 

• For each fcroup, huw vital ts access io data? 

• how long could each group or department liiru hen without 

access lo data? 

• Is the hr andlptta ad centrally located, or cue there 

alfcuvative sites or departments tliat tvih pnnidc the resources 
lost in the event of a disa^^r? 

• What prevenhitiv*? mcfisurfcs are in pltat-E-- right now? 

• Is then? a riicasfrr team? 



Have you defined a backup^trategv? 

T^herc is the m05t valuable stored, and is i I adequately 





Ha#y Cm documented inventory with schematics, 
specifications. password, menus, utilities, and startup files? 

Doyaur facilities have backup dab* lines and connections? 


• How can you recover your dc.ta? 

• Who k> in change o i managing this process? 

• I s there 3 communication procedure? 

• Could you recover your daVi at a different facility or 

geographical area, or with diffe^nt personnel? 

• IX> you have the need for A lK>tsite? If so. do you establish the 
hotsite or use a hotsite vendor? 

• How long vmukl it take to fix yeur existing facility under 
various disaster bceuaries? 
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Introducing Disaster Recovery Fundamentals 


• Should y#u out-source the dalo recovery process to a 
Oiijd-party mcnpony? 

• Do you have emergency cxmtaclfc with your suppliers? 

• VVhut are the approval procedures for emergency planning? 

• What happens if ;x>u cannot reach key personnel? 

Create a Procedure 

After you have analyzed Ihe previous choices, you are ready to establis 
the actual procedures that you must follow in the event of a disaster. The 
procedures muyk 

• Define how lo andle various aspex^s of the network, including loss 
of sc/vers, bridge and rOulers, cocnrainj cations links/ and so on 

• Specify who arranges for repairs or recimstructtajiuid how the datai 

recovery process •ccurs * 

• Include a ^checklist or Uttt procedure io verity that evdr^thing works 
whon the Repairs and^data recover v.kigve taken, place 

Ml 1 

Test the Procedure 

YjJS must lost Jhe plan—not just once but often. You should determine 
^equenH'^y*!! test the plan, by considering Ihe following la el or* 

« * \ % 

• Pcr&onm*l changes* 

• System changes 

• changes 



j 

You must measure the sucres of each test. You must do: me the objective 
measurements to verify that y*ur plan is effective. 
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Keep Pace With Changes 

Change is the only constant in the ixxparate world/ and it Vs important 
that your di^ster recovery plan takes into account the import of change. 
Consider the followvhng: 

• Are there processes in place to include new departments and 
facilities in the disas er necev-ery plan? 

• Is there A regularly Scheduled review of the plan? 

a Who maintains the disaster management team rosier? 

• Could someone ne w exec ute the plan? 

• How do you communicate changes or niodificittions to the plan tn 
people who are affected by the clwvxges? 


Importance of Off-Site Backups 



Having a comprehensive and quality backup is vital to a ^kkI 

disaster recovery i$an The vi-tkie of hfteked-up datiVdepends #n the 
security and physical protectiori of tl\at media. 

Majiv scenarios can account for data loss or cxxruptkm. These scenarios 
fall shorts jgtfhai is typically considered a diSas er. In some instances, you 
might need% weaver da hi lost due to human error ox a minor hardware 
failure. To recStejf from data corruption you need to gain quick access to 
httekup madia/ such as tape. u 

Many ]nfort| ! |iion Technology (IT) providers keep a local copy of their 
backups ami fend a tested copy of the? same backups to an ol'f-si te storage 
service prov ider. Off-siXe storage gives you the opportunity to keep an 
infg^rity-feshfd copy of all your data in a safe locabn away frorn th e site 
of business. Off-sitc providers store your backups in a disaster-ready 
environment. These sites usually are built to protect your backups from 
most known disaster scenarios/ such as fine, Qtod, theft and ho on. 
Without an ofhsite storage solubcai, >xxj could place ev en the mas* 
comp r «h£Asive disaster rvoavery program at gnwt risk. 
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introducing Disaster Recovery Fundamentals 


Components Required to Operate a Hotsite 

Y 011 might decide that there is sufAcicni ne**d and bufriries's justification to 
implement a hotsite as part of yoiir disas ter recovery plan. A hotsiliMft a 
virtual replication of your critical business computer operations- A liotsite 
is also known as a disaster recovery site. 

11 the cost of establishing a hotsite is too high, you can use commercial 
hotsite vendor* Some disaster recovery vendors offer a variety of options 
Jn a hotsite \irtvir#nmentymi might get pre-installed computers, 
networking equipment, telecommunications equipment, raised flooring, 
air conditioning, teclmical support, and uninterruptible power supplies. 


Importance of Disaster Recovery Drills 


As part of a comprehensive disaster recovery plan, testing is. one of tlte 
most criticcd fitting After sucoesfc/utly testing your disaster recovery plan, 
you must continue to test your plan on a regular ban'is through disaster 
recovery drills, 

Conducting disaster tuom^y drills allows you the opportunity to adjust 
and update your disaster aecOveiy plan as needed You have die 
opportunity to account for personnel changes, system changes, 
application changes, and so on. 

CoirK^^ng; disaster n-c'hverv drills an a regular basis also keeps die 
imporfihei iif disaster recovery ns. a priority in your every day computer 
operation The more you practice far disaster recovery scenarios* the 
quickeryou a»e able to recover, saving mere of y'our customer base and 
yqpr buftinegfS enmingi. 
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Module 17 


Backing U p a Mounted File System With a 
UFS Snapshot 


Objectives 

UpcxD enmplefcon ol this module/ you should be able to; 

• Crca t e a U FS snapshot 

• lack up thpsnapshoi tye 

The following course map shcrws.how'thistiuodui* /its into the current 
ins tribunal goal- 

Peiforming System Backups and Restores 


*Sackin3 Up 

a Mounted 
File System 
With a UFS 
Snapshot 

i ■ 1.1.1 u i. . i in* 

Figure 17-1 Course Map 



C-^-poright &X13 dun MkirtXiyalnms. In--. AL | limits EfamiruBd SU1 Smiths. PlwUlen A_£ 
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Cr eating e UF S Snap shot 


Creating a UFS Snapshot 

Tl^e UF'S Copy on Write Snapshots feature provides ndm:j:iis£rator* of 
noi>enherprise-level systems an online backup solution /or ufs file 
systems. This utility enables you to create a pomt-in-time copy of a uf s 
JileSysbenir called a ^ip^hot as an online backup < You c n create the 
backup while the file system is mounted and the system is in multiuser 
made, 



Note — The LTFS snapshots are s imilar to the Instont Image product. 
Inslant Image allocate* spoae equal to tl*e si re of tin* entire rile system that 

is being captured. However, Ihe fib System data^aved by LTFS titiapsliote 
•ccupies only as much disk space as needed. 


Using the fssnap Command 




You use tfie fssr.command to cmitc, query, ar delete ler&porn ry read¬ 
only snapshots of uts file s}^l cms. 


TW formal for the tsenapcnnunand b: 


*■ 


/'■^rr/ahi^/’fsfxa^ rF FS'ly^e -v o «pecia^flpta[<sn (si mount-point 1 ^pesial 

f w 

.... 

Table 17-1 ehosgs gome of the. Dpi ions for the fBSnap command. 


Table 17-1 Options fur the ^Command 


•pfcgft 

Description 

-d 

•detect; the snapshot fi^ciated with ihu given file system. If the -o un] ink 
opliwn was when you built the snapshot, the backing-store file is 

deleted together with the snapshot Otherwise, tliebarking^store file (which 
con tains fife system dalaj oecupien disk space uniil you delete it manually 

-F F£Typ? 

Specifics the file sy^'m type to be used. 

-d 

Display g the state of an fr-yiiypc snapshot 

-V 

Echoes the complete command line but dom r*>t execute the command 

r 

Enables you t* use specidJ._apticns* such as thi* k*cation and siz** <jf the 
backing-store (cg) file. 
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C reati ng a UF S Snapshot 


To croato a lifS snapshot, sp«ify a barking-store path and the actual file 
system to be captuwd. The following is the command format: 

4r f BBH3P -? \xtB -o /file-sys tom 


Note - Tlie hackir^Btoi-e^path can be a raw device, the name of an 
existing directory, or the name of a file that does net already exist. 


The following example uses the tssnapeemmand tu cieate a snapshot of 
the /expert/htone file system. 

V faanap -F u£b -o hB-/v«r/tu^3 /a^ort/hcme 

.-■'•lev/zs snap /0 

The snapshot subsystem hie system data in a file called a 
backing-slorc file before the data is overwritten. Some important aspect 
of a haddj>g-stojre file arc,' 

A bocking-4orv file is a bit-mapped fileth at takes up diskspaee until 
vou ddote the UPS ^Lapahot 

Jhe si^e #f the backing-stone file vstfies with the amount of activity 
on the fi)e system beij^ captured. 

The destination path- that you specify or the f ssnap command line 
must have enough free ^aceto hold the backng-sborc file. 

The location of the brteki rig-store He must be differed from thtft of 
the file sydtom you wont to cloture in a UFS snapshot. 

A backing-store file can reside on different types of file systems, 
including another ufs file system #r amounted nfs file system. 

The fee-nap Command creates the backing-store file and two read-only 
v irtual devices The block virtual 4cvu^ /dev/f ssnap/C, can be 
mounted as a read-only file system. The jaw virtual device, 

/ctev/rf can be used tW raw read-only a«c ess to a file system. 

These virtual devices can be barked up with any of the existing Solaris Of 
backup commands The backup created from a virtual di>vk*e is a backup 
of ihe ori^Hna) file s ystem when the UFS snapshot was taken, 




Sacking up a Moonlftd File System Wuth aUFS Snapshot 

Irtfc ^ I S% 80 <V 0 <J. 
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Crea ting a UFS Snap shot 



(Vote - When ci UFS snapshot is first created, the file ystcm locks 
temporarily. Users might notice a slight pause when writing to tlrs tile 
system. The length of the pause increase with the s»e of the fik* System. 
There is no performance impact when users are leading from the file 
system. 


Limiting the Size of the Backing-Store File 


before excelling a UPS snapshot use the elf -k conumind to check that the 
backing-»tore file has enough disk space bo grow. The size of the backing- 
Store file depends on how much data has changed the previous 
snapshot w'as tak«>. 


You con limit the size of the backmg-fertofc ffe'fcg' iising i|¥fc r o ir6x&>-r.z*=?: 
option of the tssr.aj* «x>mrnand, whore n Ck, r& orq) i™ maximum 
size of the badd ng-stupe h le specified in Kbytes, Mbytes* or Gbytes. 

Additionally, you can place a minimum siz^n the hrtddng-sLniv file by 
using the -o imlt:to|s-KopLinn with the fsar&sp coBurorfd. 


Caution - If the backing-store ftfe runs out of dhtk ^aoe, the sy lem 
automatically dale tvs the UFS snapshot, which"Causes the backup to fail 
^active ufr^pe svst^oi is not affected. Check the /var/ 2 u-),*i/w»essa£e* 
for posHihl^ UFS fum|: 



N !e - You ( an force an unmount of it\ activ'e -fa file system, for which a 
Sn^pshol oiisty i-for example, with thtf umount -f Command), llii* action 
deletes tho iippropri t ate snapshot automatically. 


The following example creates a snapshot «i the /expert/hoooe file 
system, and limits the backing-stare file to 500 Mbytes. 

* fwnap -F ufB -o 3^^/vaWtii!p r jo&H6ize B 50Q>4 /•ispeirfc/hctt* 

/dev/f ssn^p /0 
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Creating a UFS Snapshot 


Displaying Information for a ufs File System Snapshot 

You can use either £ ssr-ap command fco display UPS snapshot 
mJonrwUioa. 

The following example display&n li*t of all the current UFS snapshots on 
thi> system. The list also displays llv? corresponding virtual device for 

each snapshot 


1 faaaw -1 

0 /acqecrt/heiroo 

1 /u ,DU 

2 /database 


You use the -i option to the /usr / lib^a/uts / finacvife command to 
display detailed ir\fotmati*n for a specific UPS snapshot tfiat was created 
by the tsen^ command. 


The following c^mpW shows the details for the /te*rrt/t\orae snapshot. 


H /\isjr/lil>/fs/ufB/f&*»ap -i 

Snapshot liilftiber 

Bl^ck D-vice 

?a» ftevieft 

M#un- poir.t 

Device snathe 

Backing StCFG P^ch 

Backing Blfolii size 

ttaxiroar 3tore ftize 



/a^port/hom# 

: • $ % 
t /d^F/fssnap/# 

/dev/r f ssiflp/O 
/e^rocp/hoctie 
idle .-■ 

/ va r Jtitip / sj lflffeshotQ 
0 KE 

512000 KB 


create Tiraa 

Copy-«n-write e^ttuiarit^. 


3 Jfcv* 2pr 22 08:58:33 2002 
: 32 MB 


Oacfc*^ Up a Mourned File System W*ti a UFS Sn^tr-hd 

Copy ngtfl 20 B) So f» Mc^y^rJIiLlrt. M firs Su n Serves*. Hevfeien K2 
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Bac king Up th e UFS S napshot File _ _______ 

Backing Up the UFS Snapshot File 

The virtual devices that contain the UFS snapshot act as sUmdrird 
readonly de\doe£, which enable you to back up the virtual device in the 
same manner as you would back up a hie system. 


Performing a Backup of a UFS Snapshot 

You can use Ih*- i&r command or the- ufsdu^ eonunand to back up a 
UFS snapshot. 


Using Ihe tar Command lo Back Up a Snapshot-File 

=1% ’’ 

If you tijvc die tar command to back up th£ WPS snapshot mount the 
snapshot befoie hacking it up. The following procedure demons traks 

how to do this type Q^nount v V 

1. Create the mount point f£r the block virtual device. 

- -p A^fkopa/ h^iTiB .Htiy 

2. Mount tho hiock'-^rtu.d device to t$e mount 

# mount —P Mis -o ro /deWfa§nap/o /^^upg/honft.bkup 

3. Change directoiy to the mo^nt pointy. 

4 Cd /Kack>xp* /bd*e .bkup 

-l. U*o tl>e tar command lo wiite the data lo tape. 

& tar cvf /Gwv/rac/G * 


Using (he ufscLur? Command 

If y*n use the utSSurnp comn\and to back up a Ut^S snapshot, you Cim 
spec.fy Iho raiv virtu?il device during the backup* 

* a£»dung> Out /dev/rmt/O /dev/rfaso^p/O 

Verity that the UFS snapshot is backed up. 

r ufarastar* tf /^v/rat /0 
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Backing Up the UFS Snapshot File 


Performing an Incremental Backup of a UFS Snapshot 


Incranentil ^snapshots contain files that harvebeen modified since the U»st 
UFS snapshot, You use the ufsdujnje command with the N option to create 
an :ncreiru>nhfcl UFS snapshot, which writes the name of the device being 
backed up, father than the name of the snapshot device to the 
/etc/duirpdazes file. 

The following example shows how to use the ufedunp cnznmand to cnrale 
a n incremental backup of a hie system. 

# uf®du/np lu£N /dev/uot/0 /dev/rdtsfc/cltOdOeO /dev/rfs*nap/0 


Next you would verify that the UFS snapshot is backed up to tape. 
t£ /dw/BSt/O 

I % V- 

To understand incremental backups snapshots, consider the following 
demonstratkav m 4 * ^ 

■5| * If ( 

1. Create k\ snapshot bf thk ( /extra file system that is going to bn 
backed up wlale the file System is mounted. 

f f5snap ~o b*=/v«r/fcfiip /eittia 

/dev/fs£/lflp/ 0 
* 

2. Verify that Ihfc snapshot was successful and view detailed 
infonnaUun about the snapshol. 

# fssaaftp -1 

0 /extra* 

7 /ta&r/lib/fs/ufs/fft&aap -i /extra 

snapshot r.unber 1 J5” ■ i o 

/dev/fsanajp/O 
/der^/rfssnaP/* 

/e:<tra 
idle 

/’war/ 3tp/sn»i^£hotj0 
0 KB 

Unlimited 

Thu Apr 04 ll;34:21 2002 
jl2 KB 


: »• 


Block Dtnrice 
Raw levies 
Meunt point; 

•evice s~ace 
Racking 9 Lore pafcr. 

^nbiTtc store size 
Haxianzn backing ~zote 9iae 
snapshot create tiit^ 

Ccpy-en-w^rite yrcinularity 

3. fdakt: ti directory that wii I bn used to mount »nd view- the snapshot 
data. 


9 i wliU r 

# 


lack]rig Upa Mounted RSystem WWva UFS Snapshot 
C(B)«^2fl03Aii)Atew^OTS»^Al R««(vwt 9i*iSeftrrin, ftwi»lcnA2 
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Baching U p the U FS Snapsh ot FHe 


4. Mount the *(nap«hot to the new mountpoint, and compare th e siae */ 
the Hie system and the snapshot device. 

* mount -o ro /d©v*/fas»ap/0 /extraanap 
it d£ -k |gr€p extra 

/dev/dsk/cltCdCsO 1294022 9 1242254 1% /extra 

/deWtssr.ap/O 1294023 9 ,242254 1^ /exrrasnap 

5. Edit a file under the /extra directory and make it larger, and then 
compare lhc$:ze of the file system and the snapshot device 

* vi file! 

(ydnk and \y\yz text, or read text in from another file) 

Tt d£ -k Jgrfp extra 

/dw/dslc-elbCdOsO 1294023 20 124*243 ?k*tra 

/dev/fsssnap/O 3294023 9 1242254 1% /^xLrrasnap 

Observe thot the Ole &v*tem grow in siize v\ r Hile snapshot filo did 

not. I fe 

6. Perform a full backup with the ttop$i«n of the ulsdunp command. 

4 ufadurro QufN /dev/rmt/0 /dev/rdek/dtOdOaO /6#rv/rfsasnap/O 

ioritir-3 22 Kilobyte '^ : 

CaL« or tlniS l^r-el C 2302 ;0:49:22 AM MOT 

Bate cf last _cvd 1 0 omia^th* epoch 

•unrpirjg /dev/V-asuap/i (sfl|41 j/extraenap) to /dev/nnt/O. 

Mapping (F*» 1) IraRular o'3«l 
Haf^xng (Pass II} idirecboriesl 
^ti»P|J3G2 tracks U31gB) , 

Dlu. ntfjfifpaiaw T’i||> [dii-ec^CiL'iea] 

Dutrjplr,3 ‘Pass rvS fr^g-lar M Le^l 
Tape rewdndir% 

254 blOG.J^., (127^J tn 1 valu/ne at 10 4 KB/s«c 
■UMP IS -to® fjj| 

Level a dunp on Thu ,04 2002 10:49:36 AH MffT 

7. YeriWWhe backup. 

# u£■restore tf /dev/mit/0 

2 

3 ./filel 

4 ./file2 

5 ./flie3 

6 ,/fil*4 

-1 

17 

8. Unmount the back up device and remove th> srvttpsho*. 

# urcrunt- /«xk T ^SE©p 
4 Emnnap -4 /extra 

I rm /var /tap /gnapahr>tO 


DJMP: 
DUMP: 
DLTCP: 
HWP; 
UJMF: 
i2UHPi 
DUMP i 
•UMP: 
tmp? 
DUMP: 
DUMP: 
•UMP: 
DUMPi 


17-8 Intermediate System Aa minisiFatlor» for the Sotehs lM 9 OpstaUnt ErVMironmenl 

Ctpvn^u 200!*St*i MIcrOAyiiem^ Inc, AU Highcs Reserved,-Sun Servfcw. Hevfaicn A 2 










Backing Up the UF$ Snapshot File 


9. Mate some changes to the /extra file system, such as copying some 
fiJcs r and then recreate the snapshot. 

* cp filel files 
it cp filel fil*6 
4 f§*nap -o b 5 »/ 74 r/ta^ /extra 

/dev/fssnasa/O 


10. Re-niount tlie snapshot device nnd compare Ihe size of the file 
&yst*crumd the snapshot device 

4 oxxint -o to /dev/fsenop/O /extrasnap 
- 4f -k lyxey 

/dev/dsk/cltDdOaO L2M223 45 3242217 Ifc /exrra 

/dev/'faanap/C :294023 46 1242217 1% /extrasnap 


It. Perform an incremental backup with ifeeN option of the ufaoinp 
command. 

4 uf&duBfs lutw /dter/xwt/O /dev/rt•■nap/O 

DUdiP: writing 32 Kilobyte records Sg^ * 

DUMP: Pare mC this level 1 di*rp: thu #4 AdSfk^ 1G : WST 
DUI4Pi Bare of la&L level I cU?l> ^hu 04 ^ISpa 10 M3T 

DLJWP; Dur^ir-g /dev/rfssnap/O i/ftxtrasnapj to /dev/nr. L/C* 

Dt2£?: Hipping (?t^s "J [regular files! 

TXflCP: napping (Pass ~Z) to‘irecrcri«s| 

DUMP: S^naLml 294 Hacks Q4TK5). 

OJM.Hr oi^^tasr (Pass in) [directorial 
DUMP: VuSgfag fr&*jK> CretulSLL- >f!ieaj 
•OKP- 'rape rewinding 

DUMP: 254 blocks ( 127 K 3 ) Oft 1 vcltne at 1692 EB/eec 
DUMP; 3 B*P IS tCNZ 

DUMT: fcevel a dMp =n Thu »4 A#r -»»2 It: 59:11 AM MST 

* St 

12. Verify the backup. 

/deWrmt/0 


ufftTOdCore tf 

2 


./fiJeS 
./fileb 


Notice that the btKkup of (he snapshot «onLains oniy the files (hit were 
added since the previous Level C backup- 


eacfclngi UP a Mounted File System with a UFS SnaMhtf 
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Backin g U p the UF $ Snapshot File 


Restoring Data From a UFS Snapshot Backup 


The backup crcawd from a virtual device is a backup of the original file 
system when the UPS sitapshet was taken. 

You restore a UFS snapshot tram a backup tape in the same manner as 
you w#uld the backup of an original filesystem. 


'Id restore Lhe cone directory from the snapshot backup of the usr filo 
system, complete the following steps; 

1. Load theta that contains the snapshot backup of the /usr hie 
system into the tape drive. 

2 , Change to the /uar file system* 


# cd /usr 


m: 
* * 


3. Perfram the a uf command 

m ufsrtrotore If /dav/rmt/O 

uf.sreecorG > add dwvo 
ufsrwst.ere > azfcrdct 
Specify next v#lu:nB #r 1 
set •wtl^r/mcde far ' - J ? Cyril n 

uzsras-O^re > quit 




4 Verify that the demo directory exists, and qet_4 the tape. 


% 




Deleting a UF^gnapshot 

Deleting a UFS snapshot from the system is a multisiep process and 



. order-dq 

l^fglpfthot" 


# uroupi: /deWf sanftp/O 

# Is snap ~d /«Rpcrt/h£«aa 

# /2MLTkixv_ s t02^L file 


. First unmount the snapshot device^ and then delete the 
kemovc the bcicking-fttere file. 
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Performing the Exercises 


Performing the Exercises 

You have the option to complete any one of three versions of a lalx !• 
decide which to <*ns\ilt the following descriptions of the levels: 

« LevH 1 — This ver;i«fi of the lab provides the least amount of 

guidance. Each bulleted paragraph provides a task description, but 

you must determine your own way of accomplishing each ta.sk 

• Level 2 - Thia version of Ihe lab provides more guidance. Although 
each step describes what you siiould do, you must determi ne the 
cummandfr {and options) bo input 

e Level 3 - This version ol the lab is the to accomplish because 

each step provides racily what you should input to the syntem. This 
level also includes the task solutions'for'all three levels. 

|*.\ 

1 



Backing up a Mounts File S/ateu? With a UFS Straps hoi 
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Exerci se: Work ing Wi th UF$ Sn aps hot (L evel 1) 

Exercise: Working With UFS Snapshots (Level 1) 


77-12 


In this exercise, you create a UFS snapshot of the /o»t Ole system, 
display detailed information for the UFS snapshot, and then remove the 
snapshot and backing-store file. 

Tasks 

Complete the following tasks: 

• Create a snapshot of the /opt file system 

• View the contents of the badking-^to^ directory 

• display detailed information about the snapshot 

• Remove the snapshot from the system 



i oiwniecfcneSystem Admintsl^a^tK the So&#js'“ 9 Opetming ewFonmani 

CofVT^M 2 Q(aSi^ M»cr»6y5l9mB.<rtC. W AigNs Abb* rvsd. -Sun SenlcM, RivlUcm A* 






Exercise: Worthing With UFS Snapshots {Level 2) 


Exercise: Working With UFS Snapshots (Levei 2) 

In this exercise, you creole a UFS snapshot #f the /*pt file syste m, display 
detailed in/ormnlion for the UFS snapshot/ and then remove the snapshot 
and backing-storo file. 

Task Summary 

In this exerdye, you nceotnpliah the following: 

• Create a anapshot of the /opr file system - • 

• View 1 the content* of the bac ing store direcfctfy 

• t^ispJay detailed information aboui the srw^Hot 

• flenovc the snapshot from the system 

Tasks 


2 . 



Complete the fallowing steps: 

1 - Create a sn upshot of the / opt file ey^ten&without spenfyir\g a/lie 
name for the badcing-Hfere file. ^ ~ 

\5s3W the cotiUmU of th£ /var/tnp ftte system 
WlSftl j| fht- 1 del ault namLr assigned a backing-store file? 

Display feht* detailed information about the snapshot. 

What isj. the maximum backing-store file $i*e for the snapshot? 
l>etete the snapshot from the system. 

View the contents of the file system 

Has tlie backiAg-slore hie been ranoved? 

Remove the backiog-$k>re file that you created in Step 1. 


Bacttng Up aMot/MSd Fite System VM\ a UFS Snapshot 
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Ex ercise: Workin g With UF S Snapshots (Level 3) 


Exercise: Working With UFS Snapshots (Level 3) 

In this exorcise, you create a UPS snapshot of the /opt file system,display 
detailed in/omrv*»on for the LTF5 sisapsltot, arvd then remove ihe $r»apsiu>t 

and backing-store fiJe, 


Task Summary 


In this eXEjvise, you accomplish th* following; 

• Create a snapshot of the /opt. file system 

• View the contents of the backing-store directory 

• Display detailed information about thgspaapahut 


Remove the snapshot from the ^ystens 


% 


Tasks and Solutions 


■V jk 

3.1 Display 


Complete tlio following 

1 Create a snapshot of the ffipi. file systan without ^ea(yij\g a file 
name for the backing*«tore file. 

tt feflna*> -F Ufs -o /opt 

m. I 

2. View the ca&fents ot th£ /Wr/e^p^e system. 

What is 1 he default A»lme assigned to a backing-store file? 

jn.3i:'.,;hQtO 

detailed information about the *n*tpshot. 

it /Uflx/Xib/f»/u^e/fssn^ -i /opt 

What is the maximum backing-store file size l#r the snapshot? 

Unlimited 

4. delete the snapshot from the System. 

M f ffffTTflp -d /OSC 

3 View the contents of the / var /Lip tile system. Has the backing-store 
file been removed? 

No 

6 . Remove the backing^tme file you created in Step 1 - 

* rm /vax/ttrep/©n^p«botO 
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Exercise Summary 


Exercise Summary 



D isolation — Take a few minules K> diacn&s whal experiences cssviesy or 
discoveries you had during the Iah exercises,. 

• Experiences 

• intorpfvtHtions 

• Conclusions 

• Applications 



Bating Up a Mounted FVa System wail aUF 

C«pyrt0T>13<M3Sin Mlcrwygiomi.lnc A1lrtl0W9Ro«t^vid.SonSefvJoo«.flevisitn hZ 


17-15 







A 

abort key sequence ft-# 
accept command 13-3 
accessing removable media 4-25 
adding software packages 
command 6 7 

adjust ing a link counter 3-20 
acini nevount '11-5 
ndnihiistering Volume 
Management 4-24 
at command 
| allowing access 14-15 
cuntr oiling acoeus 14-14 
deny i n g access 14-14 
executing 14-13 
overview 14-12 
autoconfiguration 9-7 
automatic execution of 
commands 14-15 

B 

backing-store file 
definition 17-3 
limiting sizx? 17-4 
backup 

before installation 5-11 
def initioix of 15-2 
frtSjuency and levels 15-7 

full 15-7 
inavmettial 15-7 
informatitn 15-9 


level definitions 15 -& 
numbe^oftapes 15 6 

remote 15-13 
restore file system 16-3 
raetoresyratahl« L 6-2 

catering snapeiiot 17*10 
scheduling 15-7 
|L strategy ^5-6 
back u p Superblock 3-7 
Samer command 6-12 
bin account 10-5 
blacks, cytindmr gnxup 3-8 
boot 

block 3-7 

device 9-5 

disk device path name 8-29 
proofs 9-4,9-11 
secondly program 9-5 
boot -a command 9-10 
boot command 2-19, S-12 
boot PR#M 

boot sequence 9-5 
commands 5-11 
dclinition of 3-3 
overview ft-2 
booth! k cummand 3- 7 
bootblk program 9-5 
boot device parameter 3-26 
budgets, disaster tecoveiy 16-27 
bus configuration 2-16 
busy filesystem 4-17 


Inc. ATI A^SWVBd. StWK ^viLitr'i A£ 


lndex -1 









c 

CDE prc>oe«>siru\nc\ger 14-2 
CD-R«v1 
drive 4-22 
CD-R*M drive 
location 4-22 

change group command 11-38 
change wner command 11-36 
ChcWges HklO 

changes in recovery plan 16-30 
clianging default printer 12-^15 
changing NVRAM parameters d^l6, 8-27 
checking 

filesystems 4-11 

packages command 6-8 
chtfL'P command 11-33 
chcwn coni rid 11 -36 
cla^sname 12-31 
cl uxter con Tig u ration 5-5 
c#tnzxvand'ILne look lO-ll 
commands 

•ProHewt 11-4 
/eTzc/du-^^t^s 15-9 
/eiic/init,d/lp start 12-37 
/ecc/init,d/lp scop 12-37 
/u*r/dt/bin/ sd*:.prcce$s 14-2 
/usr/*.aom/ admin/fc1n- 
prii:t^r 12-20 

accept. 1>3 
at 14*12 
banner 6-12 
boor 2-1^6-12 
boot -a 0-10 
boot PROM 8-1L 
3-7 

rhw^P 11-38 
cl 11-36 
ccn^w:o$s 154 
devoid as 8-24 
devf s-acM 2-21) 
tff 3-23 
di-nab le 13-3 
du 3-25 
®epr#iu $ -27 

enakle 13-3 


* 


Cimger 1M 
fmtbard 2-50 
^cnat 2-18, 2-32 
Cack 3-16, 3-17, 3-18, 4-11 
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dak mounted 4-6 
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structure 1-2 
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disk 

backup 2-36 
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Console Storage Manager 2-73 
label 3-6 
labels 2’34 
number 2-8 
overlapping shoes 2-35 
partition 2-36 
^partitioning 2-36 
slide 2-36 

undesirable conditions 2-33 
wasted space 2-34 
disk Hocks 2-4 
disk label fields 2-49 
diskname* 

J#gfcal 2-H 
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disk number 
IDE 2-8 
SC5I 2-8 
disk partitioning 
s value 2-44 
blocks 2-12 
cylinders 2-42 
bag 2-42 
part 2-42 
procedure 2-38 
sire 2-42 
SMC 2-73 
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disk slice 
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disk number 
file system 1-2 
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offset 2-33 
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target number 2-8 
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us^ge command 3-23 
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command 3-25 

Dynamic Host Configuration J’nHottil 
(DHCP) 5-16 
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backup 15-2 

backup informati on 15-9 
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ninfree 3-15 

monitoring 3-23 

mount point 4-2 
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mounting manually 4-8 

mounting new 4-12 

name 15-6 

PO'S 4-15 

f^eudo 3-3/4-7 

rcstojring i<>~3 

r—t type 9-10 

state flag 3-16 

structure 1“2 

UF5 3-2, 3-4 

unmount al I 4-17 

unmounting 4-16 
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ZTKMS/ .rhosts 11-16 
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backing-store 17-3 
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creating regular files 1-9 
cror.tab 14-15 
dnto blocks 1-6 
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failed login 11-6 
file names 1-6 
inrsdt 5 ^-1-6 
list command 1-8 
teguJa^!~9 
repairing 4-19 
switch 11-12 

typ* 1-8 ^ 
unreferenced 3-19 
finfer command *1-1-4 
firmware 8-2 
^jnthar command 2^5U 
To reed unmount 4-17 

parameter 9-10 
fanra'i command 2-18, 2-32 
fomvn hard disk 2-50 
FFRSM 8-3 
fragmentation 3 12 
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fecit command 
definition of 4-11 
interactive mode 3-18 
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feck program 
at bootup 3-16 
definitianof 3-16 
lost*found directory 3-17 
fecnaP command 17-2 
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f^ryp command 4-14 
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m il lockup 15*7 
fu^ei: command -1-17 
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genunix static c«re 9*6 
geographic location 5-10 
GID 10-2, If *5 
gre? c«n\nwid 6-3 
group file s^tax 10-3 
•jro^paddcoinmand L0-19 

gjceupciel command 10-21 

groups command 11-34 
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hale command 9-28 
hard disk 
cylinder 2-4 
format 2-50 
head actuator arm 2-3 
read/write heads 2^3 
Slice 2 2-4 
structure 2-2 
track 2-4 
hard sector 2-4 
hardware requiremera® 5*4 
hesrci actuator arm 2-5 ■ ■I 

help command 8-14 ^ 

help screen 2 S7 
hostIPaddres 5-10 
hostname 5-W 
H5F5 file system 4^14 


ineta daemon 12-10 
inforovui *n pane 2-71 
inir command 9-26 
inir phase 9-11 
ini- process 9-15 
init state 9-3 
init states 9-3 
initdeiault 9-12 
inexte 

allocated and unreferenced 3-19 
definition «f 1-6, 3-9 
direct pointers 3-11 
indirect pointers 3-11 
inode consistency 3-17 
install_c:l uster 7-14 
installation 
backup 3-11 
custom JumpStarl 5-3 
hardware ie%uiremente 5-4 
interactive 5-11 
pre-installation 5-10 
pre-inslallationinfonn^ition 5-9 
sof^vahe arrangement 5-5 

upgrade 5-27 
web version-5-2 
WebStart 3.0 5-2 
WebStort Flash 5-3 
installation options 5-2 
installing patches 7-9 
instance names 2-14 
integrated device electronics (IDE) 1-15 
interactive installation 5-11 
interactivemo«le 8-13 
Internet services daemon 12-10 
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i <3 command 11-35 
IWE configuration J -15,2-9 
IPE controller devices 8-20 
identifying devices 4-17 
-in, [w c.daemon 12-11 
incremental backup 15-7 
snapshot 17-7 
incremental restore 16-9 
indirect pointers 3-11 
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Jaz drive 4-22 
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kernel 

configuring 9-8 
genunix 9-6 
initialization phase 94? 
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modules 
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language 5-10, 5-12 
last command 11-5 
line pri nter command 12-12 
link command 1-12 
link Counter 3-20 
list command 1-8 
listen account lOo 
i is ting 

device pathname 8-23 
X^-KAM S \5 

system c#n6gun*tiou 2-17 
lAonromand 1-12 
load device drives 2-2J0 


localpiintpr«o«^ 12-15 
location bar 2-71 
logical device namet> 2-11 
login 

device types 11-2 
displaying ac tivi ty lj,-.^. 
enabling decking llnp 
1 ailed 

problems 10-33 

sholl 10-2 ::< ' 

troubleshooting 10-32 
login device biases 

pts 11-2 IpBSjL 
term 11-2 
logm ID 10-4 
kigin cOMTiretl 10-32 
logfe, printer requests 12-10 


looses, disaster 14-26 
ipacooiint 10-5 
Ipco/nmand 12-12 
LP Print Service 13-3 
Ipa^nin oommand 12^34 
LPM^GTenvironcnent variable 12-14 


lpx^ve cornmand 13-3 
Ip* cocrvrnarid 12-12 
Ipsehed daemon 12-15 
L s command l -3 
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magnetic tape cantml command 15-5 
make director command 1*11 
management 

approval for recovery pian 16-27 
issues to consider 16-23 
preparing f«r disasters 16-26 
minfree space 3-15 
ukdirconunand 1-11 
ro*4:iiir 9-$ 
modes 

interactive 8-13 
reconfiguration 3-13 
single-user x^-13 
verbose 8-13 
monitoring 

switch user a tt£m|/ts> 11-11 
system access 113 

mount 

Checking file system 4-11 
manually : 4-ll 

options '4-4, 4-9 
procedure 4-12 
removable media 4-23 
m*unt 4-8,4^ 
m^uni comm and 4-4, 4-13 
mo u ni point 

fbtcif/innt tab file 4-6 
column 15-6 
creating 4-12 
definition of 4-2 
mounting process 4-2 
tot «jutuvn\d 15-5 

N 

nam e service type 5-10 

navigation pane 2-70 

netmask 5-19 

netstandurd script 12-8 

network listening serv ice daemon 12-11 

network server daemon 11-3 

n«v;fs command 3-14, 4-12 

newgrp command 10-9 
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nobady account 10-6 
rto‘-x>dy4 account 10-6 
riuucia account 11-5 
nvalicis command 8-25 
NVRAM 

changing parameters 8-16/ 8-27 
chip 8-5 
definition 8-5 

NVRAM listing paramet cr* 8-15 
command 8-26 
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Opcn^ooe architecture 8-2 
overlapping disk shoes 2-35 


partition table 

customized 2^6 
saving 2-45 
Pas^rbq var iable 11-14 
password 

agU\£ 10-2 10 3 

encryption 10-3 
file s\TitAX 10-4 
user account lt-2 
patch 

cbedking cujt^ 7-4 

downloading 7f? 
formats 7*2 ■ , 

ftp utility 7-5 
installing 7-9 
ce/nnving 7-12 
pa*‘h clusters, installing 7-13 
patchadd 7-4 
patchaddO)UMnand 7-9 
£acci2zi*con>mi*nd 7-12 
path name*, boot disk 8*29 
PCFS file system 4-15 
PCMCIA card 4-22 
permission denied 10-32 


permissions 

satgid 11-40 
fifctuid 11-39 
Sticky Bit H-41 
physical device names 2-12 
physical disk structure 2-2 
^kgacld con'imatui 64,6-7 
pkschk command 6-4, 6-8 
pfcgir St command 6-1 
pXgr^acommand 6-4,6-10 
pointers 
dirert 3-11 




indirect 3-11 

Portable #penSvs*=ms Interface 
{IXySIX) 13*2 * 

PostScript filter prognu^ 12-8 
power ofiself tost (PCS T| &5, 8-6y 8-7, 
9-5 

^overall command 9-26, £2$ 

PRI 14-5 

pr:nt client 12-2 

print management toels 12*2 

Print Manger 12-2.12-20 

print Reiver 

configuration Khrardiv 12-8 
definition of 12*2 
fault notification 12-5 
initialization 12*5 
memory 12-20 
queuing 12-5 
spoiling space 12-19 
tracking 12-5 

prntserver requirements 12-19 
print services, configuring 12-19 
princenv command 815 
printer 

add access 12-25 
attached 12-22 
changing default 12-35 
class 12451 




configuration 12-3 
configuration files 12-9 
configuring 12*31 
configuring network 12-23 to 12-30 
creating a dass 12-32 
interface program files 12-9 
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load balancing 12-31 
local 12-3 

locating destination 12-12 
network 12-3, 12-22 
print filter de&cn'ptor files 12-9 
priority 12-32 
process 1245 
remote 12-3 
remote pricess 12-17 
removing a cont’iguraiion 12-35 
request log 12-10 
restart command 12-37 
specifying destination 13-2 
subdirectory c>l local printers 12"# 
system default 12-34 
temporary shutdown command 12-37 
?RIk‘ r iER environment variable 12-14 
printers 

noi.sLsuid.-ird Script 12-8 : j;g| 

[PostScript filter programs 12-8 •' ' 

scr jpt 12-7 

pr inters, c«r.f * toynatr.^ file 12-14 
printing 

accepting j«bs 13-3 
clearing hung processes 14-9 
disabling queuing 13-5 
enabling qutt&&3K4' Y ^ 
ru«vingjobs 1=38# 
overview 12-2 
rej:ecdi gjobs 134 
terminatinga hung login 14-11 
priority of printers 12-32 
pr::b-^ comiri^nds 8-17 
probc-fc&l command 
pxobe-ide command 8-2# 
pr«be-Gcsi command K-19 
pr#r** sosi.-all command 8-1# 
process 

^*>pping 4-18 
testing recovery 16-29 
process manager 14-2 
process manager window 14-3 
?K0c ess/^vjp 14-5 
processes 

/sbdn/init #-6 
/sbin/rez 9-15 


/sbi.n/rc3 #-15 
.••‘uar/li b/saf/sa.c #-16 
/usr/lib/auf /tcymcLn 9-16 
/usr/sb:n/shut:io7>Ti 9-15 
prfctat comnumd 14-4 
prtc#nf command 2-17 
prtvtoc command 2-4# 
pseudo file system 3-3,4-7 
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•juot command 

R f % 

rc scripts. See run Control (re) scripts 
read / write heads 2-3 
^e.o««t: command 9-26,9-28 
reconfiguration bwtvZ-19 
■^configuration mode Hd.3 
|econnei: ting a] I o ca f @l.I .i uirgferenccd 
,, files 3-19 
recovery plan 
Spp^feil 16 27 
budget ,.16-27 
change!^ ife-30 
cr<*itWg procedures 16-29 
: input 16-26 
\fssucs 16-26 
testing 16-2# 

recovery, special 16 6 
regular files 1-# 
reject command 13-3 
remote 

backup 15-13 
displaying users 11-3 
print pr«cciqft 12-17 
remote system users 11-3 
removable media device 4-21 
removable-media/ accessing 4-25 
remove so/tware package tx>mmand 6-10 
removing 

Custom device aliases 8-26 
removing a patch 7-12 
repardti«ning a disk 2-36 
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requirement, print server 12-19 

respawr 9-12 

restore 

/ «p t file sys tern 16-3 
/'uer 16-5 

/usr file system 16-4 
/'var 16-5 
incremertal 16-9 
interactive 16-7 
regular file system 16-2 
root file system 16-6 
re&L*re&yjiitnhl?: file 16-2 
restoring L'FS file system 16-2 
restricting ftp access 11-15 
restricting root access 11-13 
rTTTTXTUTit comnvurul 4-23 
root 

access 11-7 
account 11-5 

file system type 9-10 y 

password 5-10 
restricting access 11-13 

L'pc . ru^e. 11-3 

RSS 14-4 

run control (re:) scripts 
< rei«ting 9-23 
definition of 9-17 
direct#!^ 9-22 
executing 9-11 
run eontrtf tcriptss 
starting 9-21 
stopping £ 1 
run levels 

/Gte/initt *b file $-11 
changing 9-3 
delinitionof 9-2 
determining current 9-3 
scripts 9-20 
rusers command 11-3 
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salvaging the free list 3-2# 
s chednlcr daemon 12-11 
scheduling backups 15-7 
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ne^standard 12-5 
run control (re) 9-11 
standard 12-7 
SCSI configuration 2-9 
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